admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-26T21:00:25.506229+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-26 21:00:29 +00:00
parent 07b2224d5b
commit 9b4d259f07
125 changed files with 913 additions and 310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2012/CVE-2012-100xx/CVE-2012-10017.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2012-10017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-26T10:15:07.483",
"lastModified": "2023-12-26T10:15:07.483",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en BestWebSoft Portfolio Plugin hasta 2.04 en WordPress. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida. La manipulaci\u00f3n conduce a cross-site request forgery. Es posible iniciar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.06 puede solucionar este problema. El parche se llama 68af950330c3202a706f0ae9bbb52ceaa17dda9d. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248955."
}
],
"metrics": {

4
CVE-2014/CVE-2014-1251xx/CVE-2014-125109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-125109",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-26T15:15:08.010",
"lastModified": "2023-12-26T15:15:08.010",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2015/CVE-2015-101xx/CVE-2015-10127.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-10127",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-26T17:15:07.923",
"lastModified": "2023-12-26T17:15:07.923",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2016/CVE-2016-108xx/CVE-2016-10890.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10890",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-21T19:15:12.340",
"lastModified": "2019-08-22T18:30:11.313",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:pojo:activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.2",
"matchCriteriaId": "BAF29181-D6BC-4EF5-B88A-D94FCD5E1589"
"matchCriteriaId": "B5F3A5EB-032F-4CEE-8011-BEBD4E5921B7"
}
]
}

6
CVE-2016/CVE-2016-108xx/CVE-2016-10891.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10891",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-21T19:15:12.403",
"lastModified": "2019-08-22T18:30:26.830",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:pojo:activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.3",
"matchCriteriaId": "984EC9CF-049B-4E26-8EAC-75B6217B5607"
"matchCriteriaId": "A87B55B8-2D37-4A3C-9B59-529EFD0EC923"
}
]
}

6
CVE-2018/CVE-2018-87xx/CVE-2018-8729.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-8729",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-03-15T17:29:00.210",
"lastModified": "2019-02-28T13:25:58.307",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:pojo:activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.1",
"matchCriteriaId": "DEC9B0E5-48E9-47E4-8A8E-452B771F507C"
"matchCriteriaId": "315028FB-E4B7-4F9F-A37A-85B7C0314EDC"
}
]
}

26
CVE-2020/CVE-2020-71xx/CVE-2020-7121.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-7121",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2020-09-23T13:15:16.030",
"lastModified": "2021-07-21T11:39:23.747",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_6200f_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.3021",
"matchCriteriaId": "10FA7A45-DCD7-4FD6-AF8F-3F673E14F504"
"matchCriteriaId": "A77C7E5B-3EAB-4A52-99CF-D2C07B1EA823"
}
]
},
@ -113,9 +113,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_6300_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.3021",
"matchCriteriaId": "BAF1CE95-3E01-47F6-9784-F0F14758862E"
"matchCriteriaId": "81F5C8F4-D85F-42C9-96F7-CD91DAA94FF0"
}
]
},
@ -141,9 +141,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_6400_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.3021",
"matchCriteriaId": "12A59D68-3905-4ECB-9C9D-F8B53B6C58C3"
"matchCriteriaId": "C4BC17A7-2155-4A01-837B-05992EABD0D1"
}
]
},
@ -169,9 +169,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_8320_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.3021",
"matchCriteriaId": "D17E4F12-F8AF-4257-A66F-3D637FD778A4"
"matchCriteriaId": "0123075E-D9A9-46F4-B857-A05ABBED38B5"
}
]
},
@ -197,9 +197,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_8325_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.3021",
"matchCriteriaId": "60913FA8-2459-4531-9BDA-23CBBD35FF4C"
"matchCriteriaId": "D88D164C-70ED-48F4-BF0D-595A27F81B12"
}
]
},
@ -225,9 +225,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_8400_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.3021",
"matchCriteriaId": "F25AA559-8957-4A91-9B66-8AEEFE99B9BD"
"matchCriteriaId": "0504A5A3-A49A-4DEA-9B26-85CD6545932B"
}
]
},

26
CVE-2020/CVE-2020-71xx/CVE-2020-7122.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-7122",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2020-09-23T13:15:16.093",
"lastModified": "2021-07-21T11:39:23.747",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_6200f_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_6200f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.1000",
"matchCriteriaId": "8AAAB31C-A0A1-4D15-841C-05FC8B990DC3"
"matchCriteriaId": "A132767A-E9B9-477E-BAAF-A831694F1FC4"
}
]
},
@ -113,9 +113,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_6300_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_6300_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.1000",
"matchCriteriaId": "0B235A1B-2E4D-4E53-BFC2-4837E47F2D50"
"matchCriteriaId": "36CB053C-FA12-4065-BC40-FFE6E0B25B00"
}
]
},
@ -141,9 +141,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_6400_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_6400_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.1000",
"matchCriteriaId": "13DEA0B1-4F1E-4CE4-8E9E-30ABE93FDD78"
"matchCriteriaId": "270EC51F-3CEC-45C1-9E0F-5D38EB550106"
}
]
},
@ -169,9 +169,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_8320_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_8320_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.1000",
"matchCriteriaId": "5F999F3F-596E-4C70-9CC6-757870D1C42A"
"matchCriteriaId": "CE87AAEE-644E-4699-B639-B4CE94D503A5"
}
]
},
@ -197,9 +197,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_8325_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_8325_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.1000",
"matchCriteriaId": "07866896-5774-489B-9760-7E0BA19BE2B8"
"matchCriteriaId": "9A5483EC-74BF-4C0D-A751-23C9ED42E29A"
}
]
},
@ -225,9 +225,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:aruba:cx_8400_firmware:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:arubanetworks:cx_8400_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.04.1000",
"matchCriteriaId": "CBB5C3C1-CEE4-4292-BD22-1F7627250057"
"matchCriteriaId": "B2BFEE7A-D4CC-45BF-B277-8C9849A7F616"
}
]
},

8
CVE-2021/CVE-2021-389xx/CVE-2021-38927.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-38927",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-25T03:15:07.943",
"lastModified": "2023-12-25T03:15:07.943",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322."
},
{
"lang": "es",
"value": "IBM Aspera Console 3.4.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 210322."
}
],
"metrics": {

8
CVE-2022/CVE-2022-342xx/CVE-2022-34267.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-34267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.200",
"lastModified": "2023-12-25T08:15:07.200",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en RWS WorldServer antes de la versi\u00f3n 11.7.3. Agregar un par\u00e1metro de token con el valor 02 omite todos los requisitos de autenticaci\u00f3n. Se puede cargar y ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de un archivo .jar en el punto final ws-api/v2/customizations/api."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-342xx/CVE-2022-34268.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-34268",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.353",
"lastModified": "2023-12-25T08:15:07.353",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en RWS WorldServer antes de la versi\u00f3n 11.7.3. /clientLogin deserializa los objetos Java sin autenticaci\u00f3n, lo que lleva a ejecuci\u00f3n de comandos en el host."
}
],
"metrics": {},

10
CVE-2022/CVE-2022-34xx/CVE-2022-3458.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3458",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-12T07:15:08.947",
"lastModified": "2023-11-07T03:51:16.703",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-34xx/CVE-2022-3470.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3470",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-13T04:15:10.663",
"lastModified": "2023-11-07T03:51:17.760",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C133F-B37C-426F-AD4A-AB08AE877278"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81ABE38B-3546-42D5-AE86-792E08CD3472"
}
]
}

10
CVE-2022/CVE-2022-34xx/CVE-2022-3472.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3472",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-13T04:15:10.853",
"lastModified": "2023-11-07T03:51:18.063",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C133F-B37C-426F-AD4A-AB08AE877278"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81ABE38B-3546-42D5-AE86-792E08CD3472"
}
]
}

10
CVE-2022/CVE-2022-34xx/CVE-2022-3473.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3473",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-13T04:15:10.943",
"lastModified": "2023-11-07T03:51:18.203",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C133F-B37C-426F-AD4A-AB08AE877278"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81ABE38B-3546-42D5-AE86-792E08CD3472"
}
]
}

10
CVE-2022/CVE-2022-34xx/CVE-2022-3492.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3492",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-13T16:15:09.470",
"lastModified": "2023-11-07T03:51:19.453",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-34xx/CVE-2022-3493.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3493",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-13T16:15:09.560",
"lastModified": "2023-11-07T03:51:19.600",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-34xx/CVE-2022-3496.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3496",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-14T07:15:09.277",
"lastModified": "2023-11-07T03:51:19.863",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -70,7 +70,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -89,8 +89,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-35xx/CVE-2022-3502.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3502",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-14T11:15:09.693",
"lastModified": "2023-11-07T03:51:20.303",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -79,8 +79,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

8
CVE-2022/CVE-2022-398xx/CVE-2022-39818.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-39818",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:07.880",
"lastModified": "2023-12-25T06:15:07.880",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system."
},
{
"lang": "es",
"value": "En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en /cgi-bin/R19.9/log.pl de la interfaz web de VM Manager a trav\u00e9s del par\u00e1metro cmd HTTP GET. Esto permite a los usuarios autenticados ejecutar comandos, con privilegios de root, en el sistema operativo."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-398xx/CVE-2022-39820.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-39820",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.013",
"lastModified": "2023-12-25T06:15:08.013",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements."
},
{
"lang": "es",
"value": "En Network Element Manager en NOKIA NFM-T R19.9, se produce una vulnerabilidad de almacenamiento de credenciales desprotegidas en /root/RestUploadManager.xml.DRC y /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. Un usuario remoto, autenticado en el sistema operativo, con privilegios de acceso al directorio /root o /DEPOT, puede leer credenciales en texto plano para acceder al portal web NFM-T y controlar todos los elementos de la red PPS."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-398xx/CVE-2022-39822.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-39822",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.060",
"lastModified": "2023-12-25T06:15:08.060",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation."
},
{
"lang": "es",
"value": "En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyecci\u00f3n SQL en /cgi-bin/R19.9/easy1350.pl de la interfaz web de VM Manager a trav\u00e9s del par\u00e1metro GET HTTP id o host. Se requiere un atacante autenticado para la explotaci\u00f3n."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-417xx/CVE-2022-41760.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-41760",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.110",
"lastModified": "2023-12-25T06:15:08.110",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. El Path Traversal relativo puede ocurrir en /oms1350/data/cpb/log de Network Element Manager a trav\u00e9s del par\u00e1metro filename, lo que permite a un atacante remoto autenticado leer archivos arbitrarios."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-417xx/CVE-2022-41761.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-41761",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.157",
"lastModified": "2023-12-25T06:15:08.157",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. Existe una vulnerabilidad Absolute Path Traversal en /cgi-bin/R19.9/viewlog.pl de VM Manager WebUI a trav\u00e9s del par\u00e1metro logfile, lo que permite a un atacante remoto autenticado leer archivos arbitrarios."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-417xx/CVE-2022-41762.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-41762",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.203",
"lastModified": "2023-12-25T06:15:08.203",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. Existen m\u00faltiples vulnerabilidades de XSS reflejado en Network Element Manager a trav\u00e9s de cualquier par\u00e1metro de log.pl, el par\u00e1metro bench o pid de top.pl o el par\u00e1metro id de easy1350.pl."
}
],
"metrics": {},

10
CVE-2022/CVE-2022-42xx/CVE-2022-4273.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4273",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-03T09:15:10.207",
"lastModified": "2023-11-07T03:57:22.470",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +66,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-42xx/CVE-2022-4278.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4278",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-03T18:15:10.083",
"lastModified": "2023-11-07T03:57:23.883",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +66,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-42xx/CVE-2022-4279.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4279",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-03T18:15:10.163",
"lastModified": "2023-11-07T03:57:24.133",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +66,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-432xx/CVE-2022-43262.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43262",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-16T15:15:16.440",
"lastModified": "2022-11-16T19:40:45.003",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Human Resource Management System v1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de contrase\u00f1a en /hrm/controller/login.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-433xx/CVE-2022-43317.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43317",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-07T15:15:10.887",
"lastModified": "2022-11-08T16:38:18.897",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en /hrm/index.php?msg de Human Resource Management System v1.0 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

10
CVE-2022/CVE-2022-433xx/CVE-2022-43318.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43318",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-07T15:15:10.950",
"lastModified": "2022-11-08T16:32:43.253",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Human Resource Management System v1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro stateedit en /hrm/state.php."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

8
CVE-2022/CVE-2022-436xx/CVE-2022-43675.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.253",
"lastModified": "2023-12-25T06:15:08.253",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. El XSS reflejado en Network Element Manager existe a trav\u00e9s de /oms1350/pages/otn/cpbLogDisplay a trav\u00e9s del par\u00e1metro filename, en /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay a trav\u00e9s del par\u00e1metro id y en /oms1350/pages/otn/mainOtn a trav\u00e9s de todos los par\u00e1metros."
}
],
"metrics": {},

10
CVE-2022/CVE-2022-452xx/CVE-2022-45218.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-45218",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-25T17:15:11.287",
"lastModified": "2022-11-29T22:02:25.527",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Human Resource Management System v1.0.0 conten\u00eda una vulnerabilidad de cross-site scripting (XSS). Esta vulnerabilidad se activa mediante un payload manipulado que se inyecta en un mensaje de error de autenticaci\u00f3n."
}
],
"metrics": {
@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

8
CVE-2023/CVE-2023-271xx/CVE-2023-27150.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-27150",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T04:15:07.713",
"lastModified": "2023-12-26T04:15:07.713",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que openCRX 5.2.0 contiene una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s del campo Name despu\u00e9s de la creaci\u00f3n de un Tracker en Manage Activity."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-286xx/CVE-2023-28616.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28616",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T04:15:07.790",
"lastModified": "2023-12-26T04:15:07.790",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-288xx/CVE-2023-28872.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28872",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:07.893",
"lastModified": "2023-12-25T07:15:07.893",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\\Temp\\NcpSupport* location."
},
{
"lang": "es",
"value": "Support Assistant en NCP Secure Enterprise Client anterior a 13.10 permite a los atacantes ejecutar archivos DLL con privilegios de SYSTEM creando un enlace simb\u00f3lico desde una ubicaci\u00f3n %LOCALAPPDATA%\\Temp\\NcpSupport*."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-304xx/CVE-2023-30451.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-30451",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T05:15:08.553",
"lastModified": "2023-12-25T05:15:08.553",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]."
},
{
"lang": "es",
"value": "En TYPO3 11.5.24, el componente filelist permite a los atacantes (que tienen acceso al panel de administrador) leer archivos arbitrarios a trav\u00e9s del directory traversal en el campo baseuri, como lo demuestra POST /typo3/record/edit con ../../. ./ en datos[sys_file_storage]*[datos][sDEF][lDEF][basePath][vDEF]."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31224.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31224",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.430",
"lastModified": "2023-12-25T08:15:07.430",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is broken access control during authentication in Jamf Pro Server before 10.46.1."
},
{
"lang": "es",
"value": "Hay un control de acceso roto durante la autenticaci\u00f3n en Jamf Pro Server anterior a 10.46.1."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31289.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31289",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.303",
"lastModified": "2023-12-25T06:15:08.303",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort."
},
{
"lang": "es",
"value": "Pexip Infinity anterior a 31.2 tiene una validaci\u00f3n de entrada inadecuada para la se\u00f1alizaci\u00f3n, lo que permite a atacantes remotos activar un aborto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-312xx/CVE-2023-31297.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31297",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:08.593",
"lastModified": "2023-12-25T07:15:08.593",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. Hay XSS a trav\u00e9s del campo Name al modificar un cliente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-314xx/CVE-2023-31455.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-31455",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.350",
"lastModified": "2023-12-25T06:15:08.350",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort."
},
{
"lang": "es",
"value": "Pexip Infinity anterior a 31.2 tiene una validaci\u00f3n de entrada incorrecta para RTCP, lo que permite a atacantes remotos provocar una interrupci\u00f3n."
}
],
"metrics": {},

12
CVE-2023/CVE-2023-33xx/CVE-2023-3391.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3391",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-23T16:15:09.693",
"lastModified": "2023-11-07T04:18:40.070",
"lastModified": "2023-12-26T19:56:27.157",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -100,8 +100,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
"criteria": "cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB20CFC6-02D1-4450-93F7-8C2BF9847907"
}
]
}

8
CVE-2023/CVE-2023-364xx/CVE-2023-36485.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.497",
"lastModified": "2023-12-25T08:15:07.497",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file."
},
{
"lang": "es",
"value": "El motor de workflow de ILIAS anterior a 7.23 y 8 anterior a 8.3 permite a usuarios remotos autenticados ejecutar comandos arbitrarios del sistema en el servidor de aplicaciones como usuario de la aplicaci\u00f3n a trav\u00e9s de un archivo de definici\u00f3n de workflow BPMN2 malicioso."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-364xx/CVE-2023-36486.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-36486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.560",
"lastModified": "2023-12-25T08:15:07.560",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename."
},
{
"lang": "es",
"value": "El motor de workflow de ILIAS anterior a 7.23 y 8 anterior a 8.3 permite a usuarios remotos autenticados ejecutar comandos arbitrarios del sistema en el servidor de aplicaciones como usuario de la aplicaci\u00f3n cargando un archivo de definici\u00f3n de workflow con un nombre de archivo malicioso."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-371xx/CVE-2023-37185.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37185",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:08.793",
"lastModified": "2023-12-25T07:15:08.793",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que C-blosc2 anterior a 2.9.3 conten\u00eda una desreferencia de puntero NULL mediante la funci\u00f3n zfp_prec_decompress en zfp/blosc2-zfp.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-371xx/CVE-2023-37186.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37186",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:08.980",
"lastModified": "2023-12-25T07:15:08.980",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que C-blosc2 anterior a 2.9.3 conten\u00eda una desreferencia de puntero NULL en ndlz/ndlz8x8.c a trav\u00e9s de un puntero NULL a memset."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-371xx/CVE-2023-37187.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37187",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.183",
"lastModified": "2023-12-25T07:15:09.183",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que C-blosc2 anterior a 2.9.3 conten\u00eda una desreferencia de puntero NULL mediante la funci\u00f3n zfp/blosc2-zfp.c zfp_acc_decompress."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-371xx/CVE-2023-37188.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.347",
"lastModified": "2023-12-25T07:15:09.347",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que C-blosc2 anterior a 2.9.3 conten\u00eda una desreferencia de puntero NULL mediante la funci\u00f3n zfp_rate_decompress en zfp/blosc2-zfp.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-372xx/CVE-2023-37225.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-37225",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.393",
"lastModified": "2023-12-25T06:15:08.393",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links."
},
{
"lang": "es",
"value": "Pexip Infinity anterior a 32 permite Webapp1 XSS a trav\u00e9s de enlaces preconfigurados."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-383xx/CVE-2023-38321.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T09:15:07.223",
"lastModified": "2023-12-25T09:15:07.223",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token."
},
{
"lang": "es",
"value": "OpenNDS, tal como se usa en Sierra Wireless ALEOS anteriores a 4.17.0.12 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero NULL, ca\u00edda del daemon e interrupci\u00f3n de Captive Portal) a trav\u00e9s de una solicitud GET a /opennds_auth/ que carece de una configuraci\u00f3n personalizada. par\u00e1metro de cadena de consulta y token de cliente."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-388xx/CVE-2023-38826.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.630",
"lastModified": "2023-12-25T08:15:07.630",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting (XSS) en Follet Learning Solutions Destiny hasta 20.0_1U. a trav\u00e9s de handlewpesearchform.do. searchString."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-402xx/CVE-2023-40236.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40236",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.440",
"lastModified": "2023-12-25T06:15:08.440",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass."
},
{
"lang": "es",
"value": "En el portal de autoservicio de Pexip VMR anterior a 3, se utiliza la misma clave de host SSH en las instalaciones de diferentes clientes, lo que permite omitir la autenticaci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-424xx/CVE-2023-42436.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42436",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:09.637",
"lastModified": "2023-12-26T08:15:09.637",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en la funci\u00f3n de presentaci\u00f3n de las versiones de GROWI anteriores a la v3.4.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-430xx/CVE-2023-43064.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43064",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-25T03:15:08.210",
"lastModified": "2023-12-25T03:15:08.210",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689."
},
{
"lang": "es",
"value": "Facsimile Support para IBM i 7.2, 7.3, 7.4 y 7.5 podr\u00eda permitir que un usuario local obtenga privilegios elevados debido a una llamada de librer\u00eda no calificada. Un actor malintencionado podr\u00eda provocar que se ejecutara c\u00f3digo arbitrario con el privilegio del usuario que invoca el soporte de fax. ID de IBM X-Force: 267689."
}
],
"metrics": {

8
CVE-2023/CVE-2023-457xx/CVE-2023-45737.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45737",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:09.907",
"lastModified": "2023-12-26T08:15:09.907",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en la p\u00e1gina App Settings (/admin/app) y en la p\u00e1gina Markdown Settings (/admin/markdown) de las versiones de GROWI anteriores a la v3.5.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-457xx/CVE-2023-45740.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45740",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.010",
"lastModified": "2023-12-26T08:15:10.010",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting almacenado al procesar im\u00e1genes de perfil existe en las versiones de GROWI anteriores a la v4.1.3. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-457xx/CVE-2023-45741.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-45741",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.107",
"lastModified": "2023-12-26T08:15:10.107",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "Versi\u00f3n del firmware VR-S1000. 2.37 y anteriores permiten a un atacante con acceso a la p\u00e1gina de administraci\u00f3n web del producto ejecutar comandos arbitrarios del sistema operativo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-466xx/CVE-2023-46681.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46681",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.247",
"lastModified": "2023-12-26T08:15:10.247",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de delimitadores de argumentos en una vulnerabilidad de comando ('Inyecci\u00f3n de argumentos') en la versi\u00f3n del firmware VR-S1000. 2.37 y anteriores permiten que un atacante autenticado que pueda acceder a la interfaz de l\u00ednea de comandos del producto ejecute un comando arbitrario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-466xx/CVE-2023-46699.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46699",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.407",
"lastModified": "2023-12-26T08:15:10.407",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-site request forgery (CSRF) existe en la p\u00e1gina User settings (/me) de las versiones de GROWI anteriores a la v6.0.0. Si un usuario ve una p\u00e1gina maliciosa mientras inicia sesi\u00f3n, la configuraci\u00f3n puede cambiarse sin la intenci\u00f3n del usuario."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-467xx/CVE-2023-46711.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46711",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.530",
"lastModified": "2023-12-26T08:15:10.530",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user."
},
{
"lang": "es",
"value": "La versi\u00f3n del firmware VR-S1000. 2.37 y anteriores utilizan una clave criptogr\u00e1fica codificada que puede permitir a un atacante analizar la contrase\u00f1a de un usuario de producto espec\u00edfico."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-470xx/CVE-2023-47091.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.537",
"lastModified": "2023-12-25T07:15:09.537",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS), SNS 4.3.13 a 4.3.22 antes de 4.3.23, SNS 4.6.0 a 4.6.9 antes de 4.6.10 y SNS 4.7.0 a 4.7.1 antes de 4.7.2. . Un atacante puede sobrepasar el umbral de cookies, haciendo imposible una conexi\u00f3n IPsec."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-472xx/CVE-2023-47215.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47215",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.643",
"lastModified": "2023-12-26T08:15:10.643",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting almacenado que explota un comportamiento del filtro XSS existe en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del us"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-472xx/CVE-2023-47247.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47247",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T07:15:09.683",
"lastModified": "2023-12-25T07:15:09.683",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102."
},
{
"lang": "es",
"value": "En SysAid On-Premise anterior al 23.3.34, hay un caso extremo en el que un usuario final puede eliminar un art\u00edculo de la base de conocimientos, tambi\u00e9n conocido como error 15102."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-486xx/CVE-2023-48652.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.697",
"lastModified": "2023-12-25T08:15:07.697",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated."
},
{
"lang": "es",
"value": "Concrete CMS 9 anterior a 9.2.3 es vulnerable a Cross Site Request Forgery (CSRF) a trav\u00e9s de /ccm/system/dialogs/logs/delete_all/submit. Un atacante puede obligar a un usuario administrador a eliminar los registros de informes del servidor en una aplicaci\u00f3n web en la que est\u00e1 actualmente autenticado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-486xx/CVE-2023-48654.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48654",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.483",
"lastModified": "2023-12-25T06:15:08.483",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\\SYSTEM."
},
{
"lang": "es",
"value": "One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. Este producto permite a los usuarios restablecer sus contrase\u00f1as de Active Directory en la pantalla de inicio de sesi\u00f3n de un cliente de Windows. Inicia un navegador basado en Chromium en modo quiosco para proporcionar la funcionalidad de reinicio. La secuencia de escape es: vaya a la secci\u00f3n Google ReCAPTCHA, haga clic en el enlace Privacidad, observe que hay una nueva ventana del navegador, navegue a cualquier sitio web que ofrezca carga de archivos, navegue a cmd.exe desde la ventana del explorador de archivos e inicie cmd. .exe como NT AUTHORITY\\SYSTEM."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-491xx/CVE-2023-49117.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49117",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T06:15:07.260",
"lastModified": "2023-12-26T06:15:07.260",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability."
},
{
"lang": "es",
"value": "PowerCMS (Serie 6, Serie 5 y Serie 4) contiene una vulnerabilidad de cross-site scripting almacenado. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web de un usuario que haya iniciado sesi\u00f3n. Tenga en cuenta que todas las versiones de PowerCMS Serie 3 y anteriores que no son compatibles (End-of-Life, EOL) tambi\u00e9n se ven afectadas por esta vulnerabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-491xx/CVE-2023-49119.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49119",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.793",
"lastModified": "2023-12-26T08:15:10.793",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting almacenado a trav\u00e9s de las etiquetas img existe en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49226.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49226",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.760",
"lastModified": "2023-12-25T08:15:07.760",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. La inyecci\u00f3n de comandos en la funci\u00f3n traceroute de la consola de administraci\u00f3n permite a los usuarios con privilegios de administrador ejecutar comandos arbitrarios como root."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-493xx/CVE-2023-49328.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49328",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T06:15:08.530",
"lastModified": "2023-12-25T06:15:08.530",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module."
},
{
"lang": "es",
"value": "En un servidor Wolters Kluwer B.POINT 23.70.00 que ejecuta Linux localmente, durante la fase de autenticaci\u00f3n, un usuario del sistema validado puede lograr la ejecuci\u00f3n remota de c\u00f3digo mediante la inyecci\u00f3n de argumentos en el m\u00f3dulo de servidor a servidor."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-495xx/CVE-2023-49598.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49598",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:10.930",
"lastModified": "2023-12-26T08:15:10.930",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en los controladores de eventos de las etiquetas previas en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-497xx/CVE-2023-49779.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49779",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.017",
"lastModified": "2023-12-26T08:15:11.017",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en la etiqueta de anclaje de las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-498xx/CVE-2023-49807.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49807",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.113",
"lastModified": "2023-12-26T08:15:11.113",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting almacenado al procesar MathJax existe en las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-498xx/CVE-2023-49880.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49880",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-25T03:15:08.430",
"lastModified": "2023-12-25T03:15:08.430",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183."
},
{
"lang": "es",
"value": "En la funci\u00f3n Message Entry and Repair (MER) de IBM Financial Transaction Manager para SWIFT Services 3.2.4, se supone que la direcci\u00f3n de env\u00edo y el tipo de mensaje de los mensajes FIN son inmutables. Sin embargo, un atacante podr\u00eda modificar estos elementos de una transacci\u00f3n comercial. ID de IBM X-Force: 273183."
}
],
"metrics": {

8
CVE-2023/CVE-2023-499xx/CVE-2023-49944.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49944",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.833",
"lastModified": "2023-12-25T08:15:07.833",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature."
},
{
"lang": "es",
"value": "La funci\u00f3n Challenge Response de BeyondTrust Privilege Management para Windows (PMfW) antes del 14 de julio de 2023 permite a los administradores locales omitir esta funci\u00f3n descifrando la clave compartida o localizando la clave compartida descifrada en la memoria de proceso. La amenaza se mitiga mediante la funci\u00f3n Agent Protection."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-499xx/CVE-2023-49949.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T14:15:07.277",
"lastModified": "2023-12-26T14:15:07.277",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes."
},
{
"lang": "es",
"value": "Passwork anterior a 6.2.0 permite a los usuarios autenticados remotamente omitir 2FA enviando un mill\u00f3n de c\u00f3digos de 6 d\u00edgitos posibles."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-499xx/CVE-2023-49954.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49954",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-25T08:15:07.933",
"lastModified": "2023-12-25T08:15:07.933",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address."
},
{
"lang": "es",
"value": "La integraci\u00f3n de CRM en 3CX anterior a 18.0.9.23 y 20 anterior a 20.0.0.1494 permite la inyecci\u00f3n SQL a trav\u00e9s de un nombre, cadena de b\u00fasqueda o direcci\u00f3n de correo electr\u00f3nico."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-501xx/CVE-2023-50175.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50175",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.290",
"lastModified": "2023-12-26T08:15:11.290",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross-site scripting almacenado existe en la p\u00e1gina App Settings (/admin/app), la p\u00e1gina Markdown Settings (/admin/markdown) y la p\u00e1gina Customize (/admin/customize) de las versiones de GROWI anteriores a la v6.0.0. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-502xx/CVE-2023-50294.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50294",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.427",
"lastModified": "2023-12-26T08:15:11.427",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page."
},
{
"lang": "es",
"value": "La p\u00e1gina App Settings (/admin/app) en las versiones de GROWI anteriores a la v6.0.6 almacena informaci\u00f3n confidencial en forma de texto plano. Como resultado, un atacante que pueda acceder a la p\u00e1gina de configuraci\u00f3n de la aplicaci\u00f3n puede obtener la clave de acceso secreta para el servicio externo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-502xx/CVE-2023-50297.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50297",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T06:15:07.473",
"lastModified": "2023-12-26T06:15:07.473",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability."
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento abierto en PowerCMS (Series 6, 5 Series y 4 Series) permite que un atacante remoto no autenticado redirija a los usuarios a sitios web arbitrarios a trav\u00e9s de una URL especialmente manipulada. Tenga en cuenta que todas las versiones de PowerCMS Serie 3 y anteriores que no son compatibles (End-of-Life, EOL) tambi\u00e9n se ven afectadas por esta vulnerabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-503xx/CVE-2023-50332.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50332",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.570",
"lastModified": "2023-12-26T08:15:11.570",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.\r\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en la p\u00e1gina User Management (/admin/users) de las versiones de GROWI anteriores a la v6.0.6. Si se explota esta vulnerabilidad, un usuario puede eliminar o suspender su propia cuenta sin su intenci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-503xx/CVE-2023-50339.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50339",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.657",
"lastModified": "2023-12-26T08:15:11.657",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting almacenado en la p\u00e1gina User Management (/admin/users) de las versiones de GROWI anteriores a la v6.1.11. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio utilizando el producto."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-509xx/CVE-2023-50968.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50968",
"sourceIdentifier": "security@apache.org",
"published": "2023-12-26T12:15:07.287",
"lastModified": "2023-12-26T15:15:08.560",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51090",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.073",
"lastModified": "2023-12-26T18:15:08.073",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.127",
"lastModified": "2023-12-26T18:15:08.127",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51092",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.173",
"lastModified": "2023-12-26T18:15:08.173",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51093",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.217",
"lastModified": "2023-12-26T18:15:08.217",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51094.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51094",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.267",
"lastModified": "2023-12-26T18:15:08.267",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51095",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T17:15:08.293",
"lastModified": "2023-12-26T17:15:08.293",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51097.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51097",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.317",
"lastModified": "2023-12-26T18:15:08.317",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51098",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.367",
"lastModified": "2023-12-26T18:15:08.367",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51099",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.413",
"lastModified": "2023-12-26T18:15:08.413",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51100",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.460",
"lastModified": "2023-12-26T18:15:08.460",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51101.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51101",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.510",
"lastModified": "2023-12-26T18:15:08.510",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T18:15:08.657",
"lastModified": "2023-12-26T18:15:08.657",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T15:15:08.630",
"lastModified": "2023-12-26T15:15:08.630",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51104.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51104",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T15:15:08.670",
"lastModified": "2023-12-26T15:15:08.670",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51105",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T15:15:08.720",
"lastModified": "2023-12-26T15:15:08.720",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T15:15:08.760",
"lastModified": "2023-12-26T15:15:08.760",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-511xx/CVE-2023-51107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51107",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-26T15:15:08.807",
"lastModified": "2023-12-26T15:15:08.807",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-513xx/CVE-2023-51363.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51363",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-12-26T08:15:11.760",
"lastModified": "2023-12-26T08:15:11.760",
"vulnStatus": "Received",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information."
},
{
"lang": "es",
"value": "Versi\u00f3n del firmware VR-S1000. 2.37 y anteriores permiten que un atacante no autenticado adyacente a la red pueda acceder a la p\u00e1gina de administraci\u00f3n web del producto para obtener informaci\u00f3n confidencial."
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More