From a78fd27c47a6b36052d66a183dc45df22280439c Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 30 Jan 2024 15:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-30T15:00:25.970047+00:00 --- CVE-2021/CVE-2021-421xx/CVE-2021-42141.json | 76 +++- CVE-2023/CVE-2023-228xx/CVE-2023-22836.json | 8 +- CVE-2023/CVE-2023-287xx/CVE-2023-28722.json | 99 ++++- CVE-2023/CVE-2023-309xx/CVE-2023-30970.json | 8 +- CVE-2023/CVE-2023-332xx/CVE-2023-33295.json | 69 +++- CVE-2023/CVE-2023-362xx/CVE-2023-36259.json | 4 +- CVE-2023/CVE-2023-362xx/CVE-2023-36260.json | 4 +- CVE-2023/CVE-2023-375xx/CVE-2023-37571.json | 8 +- CVE-2023/CVE-2023-37xx/CVE-2023-3771.json | 69 +++- CVE-2023/CVE-2023-385xx/CVE-2023-38541.json | 61 ++- CVE-2023/CVE-2023-385xx/CVE-2023-38587.json | 396 +++++++++++++++++++- CVE-2023/CVE-2023-424xx/CVE-2023-42429.json | 207 +++++++++- CVE-2023/CVE-2023-427xx/CVE-2023-42766.json | 99 ++++- CVE-2023/CVE-2023-45xx/CVE-2023-4550.json | 8 +- CVE-2023/CVE-2023-45xx/CVE-2023-4551.json | 8 +- CVE-2023/CVE-2023-45xx/CVE-2023-4552.json | 8 +- CVE-2023/CVE-2023-45xx/CVE-2023-4553.json | 8 +- CVE-2023/CVE-2023-45xx/CVE-2023-4554.json | 8 +- CVE-2023/CVE-2023-470xx/CVE-2023-47035.json | 73 +++- CVE-2023/CVE-2023-490xx/CVE-2023-49038.json | 8 +- CVE-2023/CVE-2023-493xx/CVE-2023-49351.json | 79 +++- CVE-2023/CVE-2023-517xx/CVE-2023-51764.json | 6 +- CVE-2023/CVE-2023-518xx/CVE-2023-51813.json | 8 +- CVE-2023/CVE-2023-518xx/CVE-2023-51837.json | 8 +- CVE-2023/CVE-2023-518xx/CVE-2023-51839.json | 8 +- CVE-2023/CVE-2023-518xx/CVE-2023-51840.json | 8 +- CVE-2023/CVE-2023-518xx/CVE-2023-51842.json | 8 +- CVE-2023/CVE-2023-518xx/CVE-2023-51843.json | 8 +- CVE-2023/CVE-2023-519xx/CVE-2023-51982.json | 8 +- CVE-2023/CVE-2023-520xx/CVE-2023-52071.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5372.json | 8 +- CVE-2023/CVE-2023-63xx/CVE-2023-6374.json | 4 +- CVE-2023/CVE-2023-67xx/CVE-2023-6747.json | 12 +- CVE-2023/CVE-2023-69xx/CVE-2023-6942.json | 4 +- CVE-2023/CVE-2023-69xx/CVE-2023-6943.json | 4 +- CVE-2023/CVE-2023-71xx/CVE-2023-7192.json | 12 +- 
CVE-2023/CVE-2023-72xx/CVE-2023-7225.json | 8 +- CVE-2023/CVE-2023-72xx/CVE-2023-7238.json | 57 ++- CVE-2024/CVE-2024-06xx/CVE-2024-0674.json | 55 +++ CVE-2024/CVE-2024-06xx/CVE-2024-0675.json | 55 +++ CVE-2024/CVE-2024-06xx/CVE-2024-0676.json | 55 +++ CVE-2024/CVE-2024-07xx/CVE-2024-0778.json | 84 ++++- CVE-2024/CVE-2024-10xx/CVE-2024-1016.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1017.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1018.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1020.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1021.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1022.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1024.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1026.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1027.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1028.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1029.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1030.json | 8 +- CVE-2024/CVE-2024-10xx/CVE-2024-1031.json | 88 +++++ CVE-2024/CVE-2024-10xx/CVE-2024-1032.json | 88 +++++ CVE-2024/CVE-2024-10xx/CVE-2024-1033.json | 88 +++++ CVE-2024/CVE-2024-10xx/CVE-2024-1061.json | 4 +- CVE-2024/CVE-2024-10xx/CVE-2024-1063.json | 8 +- CVE-2024/CVE-2024-214xx/CVE-2024-21488.json | 8 +- CVE-2024/CVE-2024-218xx/CVE-2024-21803.json | 8 +- CVE-2024/CVE-2024-218xx/CVE-2024-21840.json | 8 +- CVE-2024/CVE-2024-225xx/CVE-2024-22523.json | 4 +- CVE-2024/CVE-2024-225xx/CVE-2024-22570.json | 8 +- CVE-2024/CVE-2024-226xx/CVE-2024-22643.json | 4 +- CVE-2024/CVE-2024-226xx/CVE-2024-22646.json | 4 +- CVE-2024/CVE-2024-226xx/CVE-2024-22647.json | 4 +- CVE-2024/CVE-2024-226xx/CVE-2024-22648.json | 4 +- CVE-2024/CVE-2024-226xx/CVE-2024-22682.json | 8 +- CVE-2024/CVE-2024-228xx/CVE-2024-22894.json | 8 +- CVE-2024/CVE-2024-229xx/CVE-2024-22938.json | 8 +- CVE-2024/CVE-2024-232xx/CVE-2024-23219.json | 76 +++- CVE-2024/CVE-2024-232xx/CVE-2024-23222.json | 191 +++++++++- CVE-2024/CVE-2024-233xx/CVE-2024-23334.json | 8 +- CVE-2024/CVE-2024-233xx/CVE-2024-23339.json | 53 ++- 
CVE-2024/CVE-2024-233xx/CVE-2024-23340.json | 59 ++- CVE-2024/CVE-2024-238xx/CVE-2024-23829.json | 8 +- CVE-2024/CVE-2024-239xx/CVE-2024-23940.json | 8 +- CVE-2024/CVE-2024-241xx/CVE-2024-24134.json | 8 +- CVE-2024/CVE-2024-241xx/CVE-2024-24135.json | 8 +- CVE-2024/CVE-2024-241xx/CVE-2024-24136.json | 8 +- CVE-2024/CVE-2024-241xx/CVE-2024-24139.json | 8 +- CVE-2024/CVE-2024-241xx/CVE-2024-24140.json | 8 +- CVE-2024/CVE-2024-241xx/CVE-2024-24141.json | 8 +- README.md | 53 ++- 85 files changed, 2462 insertions(+), 222 deletions(-) create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0674.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0675.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0676.json create mode 100644 CVE-2024/CVE-2024-10xx/CVE-2024-1031.json create mode 100644 CVE-2024/CVE-2024-10xx/CVE-2024-1032.json create mode 100644 CVE-2024/CVE-2024-10xx/CVE-2024-1033.json diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json index 8576efd9ca6..3951e55a366 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42141", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-22T23:15:08.120", - "lastModified": "2024-01-23T13:44:14.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:30:05.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,83 @@ "value": "Se descubri\u00f3 un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podr\u00eda completarse con diferentes n\u00fameros de \u00e9poca en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:contiki-ng:tinydtls:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2018-08-30", + "matchCriteriaId": "E938DF84-2663-4516-87E3-B7E46789F6A1" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/contiki-ng/tinydtls/issues/27", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://seclists.org/fulldisclosure/2024/Jan/14", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
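Review bot: The new Primary CVSS entry scores confidentiality and integrity impact as HIGH (9.8 CRITICAL), but the description in this hunk names only a denial of service and the assigned weakness is CWE-755. If availability is the only impact, the vector would read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`, and the component fields and scores would need recomputing. Treat the 9.8 as unconfirmed when prioritising on this record. Separately, `"versionEndIncluding": "2018-08-30"` is a date rather than a version string, so consumers that compare CPE versions numerically may not match it as intended. The reference tagged `"Patch"` is an issue-tracker URL; `"Issue Tracking"` looks like the better tag unless that issue carries the fix.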
diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22836.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22836.json index 93bc16d985c..f9a11bdcb7b 100644 --- a/CVE-2023/CVE-2023-228xx/CVE-2023-22836.json +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22836.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22836", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2024-01-29T19:15:08.100", - "lastModified": "2024-01-29T19:15:08.100", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants." + }, + { + "lang": "es", + "value": "En los casos en que un usuario de pila multi-tenant est\u00e9 operando el servicio Foundry\u2019s Linter y el usuario cambie el nombre de un grupo del valor predeterminado, el valor renombrado puede ser visible para el resto de los inquilinos de la pila." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28722.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28722.json index 472ae5907ef..6d0d460eddc 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28722.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28722.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-28722", "sourceIdentifier": "secure@intel.com", "published": "2024-01-19T20:15:09.107", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:47:58.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Las restricciones inadecuadas del b\u00fafer para algunos firmware de BIOS Intel NUC anteriores a la versi\u00f3n IN0048 pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:inwhl357.0049:*:*:*:*:*:*:*", + "matchCriteriaId": "CB60CA15-6E8D-422A-B1A1-9681EA052639" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18330FCA-FFDE-4B0E-8703-1DAE0633C053" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:inwhl357.0049:*:*:*:*:*:*:*", + "matchCriteriaId": "95125F4B-3DFF-4F40-8F6C-BE8587C255B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE7FB4D7-3AED-4BBD-9655-6C300FC08218" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30970.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30970.json index a55e52e36c5..3301070c2dc 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30970.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30970.json 
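Review bot: Both new `cpeMatch` firmware entries pin one exact build, `inwhl357.0049`, as vulnerable, while the record's description says the issue affects Intel NUC BIOS firmware before version IN0048. An exact-version match will miss every other affected build in an inventory, and the pinned build number does not obviously fall inside the described range. A ranged entry would express it, for example a wildcard version in `criteria` plus `"versionEndExcluding": "<FIXED_BUILD_PER_INTEL-SA-01009>"` (placeholder; take the value from the vendor advisory). The same single-build pattern appears in the configurations hunks for CVE-2023-38587 (`becfl357.0095`) and CVE-2023-42429 (`jyglkcpx.0071`). Until these are corrected, firmware exposure checks should use the vendor advisory rather than CPE matching alone.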
@@ -2,12 +2,16 @@ "id": "CVE-2023-30970", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2024-01-29T19:15:08.313", - "lastModified": "2024-01-29T19:15:08.313", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que el servicio Gotham Table y Forward App eran vulnerables a un problema de path traversal que permit\u00eda a un usuario autenticado leer archivos arbitrarios en el sistema de archivos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33295.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33295.json index c76d2df8cf9..9e16536cf99 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33295.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33295.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33295", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T20:15:10.567", - "lastModified": "2024-01-23T23:15:07.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:29:36.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,74 @@ "value": "Se descubri\u00f3 que Cohesity DataProtect 6.8.1 y 6.6.0d ten\u00eda una vulnerabilidad de control de acceso incorrecto debido a la falta de validaci\u00f3n del certificado TLS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cohesity:cohesity_dataplatform:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.0.1", + "matchCriteriaId": "0CD74FC9-0166-47BD-9635-EE45422DF49B" + } + ] + } + ] + } + ], "references": [ { "url": "https://cohesity.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2023-33295.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36259.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36259.json index cc6e0b9c122..e689c2f33c5 100644 --- a/CVE-2023/CVE-2023-362xx/CVE-2023-36259.json +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36259.json 
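Review bot: The added Primary weakness is `"value": "NVD-CWE-noinfo"`, although the description in this hunk attributes the flaw to missing TLS certificate validation. `"value": "CWE-295"` would match that text and keep the record searchable by weakness class. The new `cpeMatch` also names `cohesity:cohesity_dataplatform` with `"versionEndIncluding": "7.0.1"`, whereas the description names Cohesity DataProtect 6.8.1 and 6.6.0d. The product and range therefore appear broader than, or different from, what the description states, and should be checked against the vendor advisory before being used for asset matching.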
@@ -2,8 +2,8 @@ "id": "CVE-2023-36259", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T09:15:47.377", - "lastModified": "2024-01-30T09:15:47.377", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36260.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36260.json index 1c21a5b8fde..94d9db4c5e4 100644 --- a/CVE-2023/CVE-2023-362xx/CVE-2023-36260.json +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36260.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36260", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T09:15:47.440", - "lastModified": "2024-01-30T09:15:47.440", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json index 0f958a1b8fa..2dc8d16a549 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json @@ -2,12 +2,16 @@ "id": "CVE-2023-37571", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:58.803", - "lastModified": "2024-01-30T01:15:58.803", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Softing TH SCOPE through 3.70 allows XSS." + }, + { + "lang": "es", + "value": "Softing TH SCOPE hasta 3,70 permite XSS." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3771.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3771.json index 7bfdcfd0f1d..8c83c45845d 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3771.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3771.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-3771", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:11.480", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:56:48.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites." + }, + { + "lang": "es", + "value": "El tema T1 de WordPress hasta la versi\u00f3n 19.0 es vulnerable a redirecciones abiertas no autenticadas con las que cualquier atacante redirige a los usuarios a sitios web arbitrarios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:t1_project:t1:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "19.0", + "matchCriteriaId": "B7DAB6AA-FC08-47FC-9A55-F9DD87140ACF" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/7c6fc499-de09-4874-ab96-bdc24d550cfb/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38541.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38541.json index a4f6e06810b..2b168504f96 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38541.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38541.json @@ -2,16 +2,40 @@ "id": "CVE-2023-38541", "sourceIdentifier": "secure@intel.com", "published": "2024-01-19T20:15:10.627", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:28:38.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Los permisos heredados inseguros en algunos controladores Intel HID Event Filter para Windows 10 para algunos instaladores de software de port\u00e1tiles Intel NUC anteriores a la versi\u00f3n 2.2.2.1 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:hid_event_filter_driver:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.2.2.1", + "matchCriteriaId": "2C574C63-EA47-4E43-9E2A-5CC0C1FC377E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38587.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38587.json index 996a5e6cf93..9fd4ae1fc46 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38587.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38587.json 
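Review bot: The new `cpeMatch` uses `"versionEndIncluding": "2.2.2.1"`, which marks the fixed release as vulnerable; the record's description says installers before version 2.2.2.1 are affected. The bound should be `"versionEndExcluding": "2.2.2.1"`, otherwise scanners will keep flagging hosts that are already patched. The description also scopes the issue to Intel NUC laptop software installers, while `criteria` is the generic `intel:hid_event_filter_driver` product, so matches outside that platform may be false positives.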
@@ -2,16 +2,40 @@ "id": "CVE-2023-38587", "sourceIdentifier": "secure@intel.com", "published": "2024-01-19T20:15:10.813", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:28:54.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en algunos firmware de BIOS Intel NUC puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,366 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_home_nuc8i3behfa_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "D7628FD5-B359-4778-9BDC-431C00A60B20" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_home_nuc8i3behfa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "16E6615B-4A7A-40E0-81F0-97EB50C0E244" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_home_nuc8i5behfa_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "334A6D25-8C5B-46DF-A646-927EFDA42E96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_home_nuc8i5behfa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DBF0EDCE-3179-4DAC-9E43-FC4B917064A3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_home_nuc8i5bekpa_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "5012817B-F8D7-4042-8A78-3E23754C162C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_home_nuc8i5bekpa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CB778DD-7238-49F7-9B03-8E023FE1EA74" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7behga_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "E251B101-FF90-43D1-82A5-7872AE7DA19B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7behga:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75554150-3969-4212-A280-526B37045258" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7bekqa_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "3DD15A7C-6DBE-4AA7-AA45-66650E43D3ED" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7bekqa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BE2DC64-4764-4705-BE36-EDB822AE5BAE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i3beh_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "C6B5CF65-8BD7-46C7-A695-2AF178974490" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3beh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "394145CF-3DDE-4C8E-92E5-79E93459044E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i3bek_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "A4EDD019-F2E8-4C96-932B-840C53BE1766" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3bek:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C6AD0CE-D15D-410A-80A5-756D83DA973B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i5beh_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": 
"1D132515-79D2-41AF-A7B5-BA7E63757151" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i5beh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B980FA8-25E2-4264-B330-F7A9BA14943A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i5bek_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "9F136B17-7B29-432D-92EB-C7997FC0AA28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i5bek:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C3F419C8-C0D0-42C7-AF8A-B8A23A215BC3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7beh_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "6F139054-983A-4F44-B958-DE30DE788B32" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7beh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "771DCB9D-2874-447C-AE8F-0193AD0D2C17" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i3behs_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "08E116FB-2F2A-4612-9FAA-CCDB7F4200A7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i3behs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1FB12206-EA7C-4153-982F-716C96F1715A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:intel:nuc_kit_nuc8i5behs_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "5AA35DE5-667B-4EE4-B540-DD19A7232309" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i5behs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7656721C-73F2-43F5-BB36-80789D65BBEA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7bek_firmware:becfl357.0095:*:*:*:*:*:*:*", + "matchCriteriaId": "34326BC8-5D17-41E5-AB3C-DCFD113E75BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7bek:-:*:*:*:*:*:*:*", + "matchCriteriaId": "82A6A0FA-8DD5-4774-99C3-272D4CAC1C75" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42429.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42429.json index f74fdacb4d9..fbe13bde9b9 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42429.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42429.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-42429", "sourceIdentifier": "secure@intel.com", "published": "2024-01-19T20:15:11.343", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:20:32.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Las restricciones inadecuadas del b\u00fafer en algunos firmware del BIOS Intel NUC pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,177 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*", + "matchCriteriaId": "64DF4579-6014-4B3B-9D0C-7F7B0411366C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7266102D-7B1C-403A-9E27-4E895AC6DCD5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*", + "matchCriteriaId": "AECA5B22-1E3B-491C-A626-1FF102E321DC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5D1298E3-75D5-4ECB-B063-0F635EC0EB80" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*", + "matchCriteriaId": "E47D606D-E423-4B7C-9577-BB4ECE8EABA2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1956157-B3D8-49F7-8B4D-CB188AB8F04C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*", + "matchCriteriaId": "39E3422A-1803-4C38-A657-7A1130725D04" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*", + "matchCriteriaId": "AE14E375-EF46-4466-A6C5-9C2F53DF00D6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75CD5445-C828-4157-BE6C-2F606338DAEA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*", + "matchCriteriaId": "B84818C5-6FD0-4CBF-AC72-53152CC6FD28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD804138-230D-48CD-9990-900DB9760142" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42766.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42766.json index e07ec87c7ea..d70cd605ad3 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42766.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42766.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-42766", "sourceIdentifier": "secure@intel.com", "published": "2024-01-19T20:15:11.537", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:28:01.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en algunos firmware del BIOS Intel NUC 8 Compute Element puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", 
@@ -46,10 +80,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_compute_element_cm8v5cb_firmware:cbwhlmiv.103:*:*:*:*:*:*:*", + "matchCriteriaId": "091B8649-6C7C-46A2-B015-D3781BC230C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_compute_element_cm8v5cb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C66CDF2D-D808-4FEF-B8D0-DD1117B395A3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:nuc_8_compute_element_cm8v7cb_firmware:cbwhlmiv.103:*:*:*:*:*:*:*", + "matchCriteriaId": "6E1F558B-FA4D-4962-BA45-E399A6C324C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:nuc_8_compute_element_cm8v7cb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF24046F-CE1B-401D-882C-3F705AA6C481" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4550.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4550.json index 056b4bc1698..1ded812ef62 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4550.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4550.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4550", "sourceIdentifier": "security@opentext.com", "published": "2024-01-29T21:15:08.670", - "lastModified": "2024-01-29T21:15:08.670", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta, archivos o directorios accesibles a partes externas en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado o no autenticado puede abusar de una p\u00e1gina de AppBuilder para leer archivos arbitrarios en el servidor en el que est\u00e1 alojada. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4551.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4551.json index e5cb1530939..0bbc7f7d0db 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4551.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4551.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4551", "sourceIdentifier": "security@opentext.com", "published": "2024-01-29T21:15:08.880", - "lastModified": "2024-01-29T21:15:08.880", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.\n\nThe AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite la inyecci\u00f3n de comandos del sistema operativo. La funcionalidad Scheduler de AppBuilder que facilita la creaci\u00f3n de tareas programadas es vulnerable a la inyecci\u00f3n de comandos. Esto permite a los usuarios autenticados inyectar comandos arbitrarios del sistema operativo en el proceso de ejecuci\u00f3n. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4552.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4552.json index a1909fbc77e..537ab9a027e 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4552.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4552.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4552", "sourceIdentifier": "security@opentext.com", "published": "2024-01-29T21:15:09.073", - "lastModified": "2024-01-29T21:15:09.073", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado de AppBuilder con la capacidad de crear o administrar bases de datos existentes puede aprovecharlas para explotar el servidor de AppBuilder, incluido el acceso a su sistema de archivos local. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4553.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4553.json index 85a73d021d2..fa398869e96 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4553.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4553.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4553", "sourceIdentifier": "security@opentext.com", "published": "2024-01-29T21:15:09.263", - "lastModified": "2024-01-29T21:15:09.263", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\n\nAppBuilder configuration files are viewable by unauthenticated users.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Los usuarios no autenticados pueden ver los archivos de configuraci\u00f3n de AppBuilder. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4554.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4554.json index 210905fefee..5b17e4cb061 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4554.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4554.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4554", "sourceIdentifier": "security@opentext.com", "published": "2024-01-29T21:15:09.457", - "lastModified": "2024-01-29T21:15:09.457", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.\n\nAppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de restricci\u00f3n inadecuada de la referencia de entidad externa XML en OpenText AppBuilder en Windows, Linux permite la server-side request forgery y sondear archivos del sistema. El procesador XML de AppBuilder es vulnerable al procesamiento de entidades externas XML (XXE), lo que permite a un usuario autenticado cargar archivos XML especialmente manipulados para inducir server-side request forgery y revelar archivos locales al servidor que los procesa. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47035.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47035.json index 20c40976ed0..9b8440a97a5 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47035.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47035.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-47035", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T20:15:11.820", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:46:19.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RPTC 0x3b08c no realiza comprobaciones de estado en el par\u00e1metro tradingOpen. Esta vulnerabilidad puede permitir a los atacantes realizar operaciones de transferencia no autorizadas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:etherscan:reptilian_coin:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C8DECF94-DDCB-44E1-8E1D-981E5EF28EB0" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://etherscan.io/token/0x3b08c03fa8278cf81b9043b228183760376fcdbb", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-3.md", - 
"source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json index 826524f7fd7..6522a5ec754 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49038", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T21:15:08.620", - "lastModified": "2024-01-29T21:15:08.620", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de comandos en la utilidad ping en Buffalo LS210D 1.78-0.03 permite a un atacante remoto autenticado inyectar comandos arbitrarios en el NAS como root." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json index 2bdd858310c..ca5e71b63df 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49351.json 
@@ -2,19 +2,90 @@ "id": "CVE-2023-49351", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T19:15:08.120", - "lastModified": "2024-01-16T23:12:38.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T13:56:04.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario /bin/webs en la versi\u00f3n v1.23 del firmware Edimax BR6478AC V2 permite a los atacantes sobrescribir otros valores ubicados en la pila debido a un uso incorrecto de la funci\u00f3n strcpy()." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:edimax:br-6478ac_firmware:1.23:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DDF2BE-95AB-41F7-AC3D-0C4681009A74" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:edimax:br-6478ac:v2:*:*:*:*:*:*:*", + "matchCriteriaId": "1C7455F9-4812-44C9-A5E2-A25077C2C9BF" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/countfatcode/temp/blob/main/formUSBAccount/formUSBAccount.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json index 2846543acb7..9149bd332ef 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51764", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T05:15:08.273", - "lastModified": "2024-01-22T15:15:08.320", + "lastModified": "2024-01-30T14:15:47.213", "vulnStatus": "Modified", "descriptions": [ { @@ -184,6 +184,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00020.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json index 86572bd32bc..1e8240fc0b5 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51813", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:58.873", - "lastModified": "2024-01-30T01:15:58.873", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Free Open-Source Inventory Management System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro staff_list en el componente index.php." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51837.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51837.json index 022875e2257..7d714448ed6 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51837.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51837.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51837", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:58.920", - "lastModified": "2024-01-30T01:15:58.920", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation." + }, + { + "lang": "es", + "value": "Ylianst MeshCentral 1.1.16 es vulnerable a la falta de validaci\u00f3n del certificado SSL." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json index 86436e5ccb0..1ae4def101c 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51839", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.047", - "lastModified": "2024-01-29T20:15:15.047", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm." + }, + { + "lang": "es", + "value": "DeviceFarmer stf v3.6.6 sufre de uso de un algoritmo criptogr\u00e1fico defectuoso o riesgoso." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json index 6e9a58bbb44..9b0a7135956 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51840.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51840", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.100", - "lastModified": "2024-01-29T20:15:15.100", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key." + }, + { + "lang": "es", + "value": "DoraCMS 2.1.8 es vulnerable al uso de claves criptogr\u00e1ficas codificadas." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51842.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51842.json index 6e3f056b51d..af92bbc047d 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51842.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51842.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51842", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.150", - "lastModified": "2024-01-29T20:15:15.150", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema de degradaci\u00f3n del algoritmo en Ylianst MeshCentral 1.1.16." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51843.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51843.json index 66878b0b13d..22dcfa72862 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51843.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51843.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51843", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:58.967", - "lastModified": "2024-01-30T01:15:58.967", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set." + }, + { + "lang": "es", + "value": "react-dashboard 1.4.0 es vulnerable a Cross Site Scripting (XSS) ya que httpOnly no est\u00e1 configurado." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json index eb5a48788e6..2dd0fe15029 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-51982", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:59.013", - "lastModified": "2024-01-30T01:15:59.013", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.(https://github.com/crate/crate/issues/15231)" + }, + { + "lang": "es", + "value": "CrateDB 5.5.1 contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente de la interfaz de usuario de administraci\u00f3n. Despu\u00e9s de configurar la autenticaci\u00f3n de contrase\u00f1a y_ Local_ En el caso de una direcci\u00f3n, la autenticaci\u00f3n de identidad se puede omitir configurando el encabezado de solicitud de IP de X-Real en un valor espec\u00edfico y accediendo a la interfaz de usuario del administrador directamente utilizando la identidad de usuario predeterminada. (https://github. es/crate/crate/issues/15231)" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52071.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52071.json index ec0cec86b97..1d7add9128d 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52071.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52071.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52071", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:07.787", - "lastModified": "2024-01-30T07:15:07.787", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
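Review bot: The added `es` description for CVE-2023-51982 corrupts the issue link. The English value ends with `(https://github.com/crate/crate/issues/15231)`, but the Spanish one has `(https://github. es/crate/crate/issues/15231)`, which names a different host and is no longer a usable URL. The header name is also reworded from `X-Real IP` to `IP de X-Real`, so a proxy or detection rule written from the Spanish text would match the wrong string. URLs and protocol identifiers should pass through translation unchanged; the tail of the `es` value should read `(https://github.com/crate/crate/issues/15231)`.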
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5372.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5372.json index 5a8dc361fd7..3fd50dd688d 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5372.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5372.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5372", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-01-30T01:15:59.063", - "lastModified": "2024-01-30T01:15:59.063", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device\u2019s web management interface." + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en las versiones de firmware Zyxel NAS326 hasta V5.21(AAZF.15)C0 y NAS542 hasta V5.21(ABAG.12)C0 podr\u00eda permitir que un atacante autenticado con privilegios de administrador ejecute alg\u00fan sistema operativo ( OS) enviando un par\u00e1metro de consulta dise\u00f1ado adjunto a la URL de la interfaz de administraci\u00f3n web de un dispositivo afectado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json index cbd93accf49..bc0501bc2f9 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json 
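Review bot: The added `es` description for CVE-2023-5372 loses the object of the sentence. The English value says the attacker can "execute some operating system (OS) commands", but the Spanish one reads `ejecute algún sistema operativo ( OS) enviando`, i.e. "execute some operating system". A reader triaging from the Spanish text alone no longer sees that the impact is OS command execution. That phrase should read `ejecute algunos comandos del sistema operativo (SO) enviando`, which matches the wording the other `es` entries in this commit use for command injection.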
@@ -2,8 +2,8 @@ "id": "CVE-2023-6374", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-01-30T09:15:47.520", - "lastModified": "2024-01-30T09:15:47.520", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6747.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6747.json index a1e24375fc9..631e708b743 100644 --- a/CVE-2023/CVE-2023-67xx/CVE-2023-6747.json +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6747.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6747", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-03T09:15:11.487", - "lastModified": "2024-01-10T16:44:09.000", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-30T14:15:47.380", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -96,6 +96,14 @@ "Product" ] }, + { + "url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.9/includes/class-gallery-advanced-settings.php?rev=3027668#L149", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.9/includes/functions.php#L1609", + "source": "security@wordfence.com" + }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=cve", "source": "security@wordfence.com", diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6942.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6942.json index 0f149705b09..48749e466b4 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6942.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6942.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6942", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-01-30T09:15:47.757", - "lastModified": "2024-01-30T09:15:47.757", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6943.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6943.json index 045665e42e3..787c961dd6c 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6943.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6943.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6943", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-01-30T09:15:47.960", - "lastModified": "2024-01-30T09:15:47.960", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json index f0c7debba8b..e30a71f176f 100644 --- a/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7192.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7192", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T19:15:11.510", - "lastModified": "2024-01-09T01:43:40.960", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-30T13:15:07.933", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -41,20 +41,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 6.1, + "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 4.2 + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json index 4c423856d55..b11e2165cbd 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-7225", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-30T08:15:40.090", - "lastModified": "2024-01-30T08:15:40.090", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento MapPress Maps for WordPress para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los par\u00e1metros de ancho y alto en todas las versiones hasta la 2.88.16 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7238.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7238.json index 1c2348e80e4..033292be36d 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7238.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7238.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7238", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-01-23T20:15:45.413", - "lastModified": "2024-01-24T13:49:03.187", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:20:10.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orthanc-server:osimis_web_viewer:1.4.2.0-9d9eff4:*:*:*:*:*:*:*", + "matchCriteriaId": "6B8E6B02-A66D-4084-A9C5-CAC7758A7F84" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0674.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0674.json new file mode 100644 index 00000000000..0e8452817ce --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0674.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0674", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-30T13:15:08.330", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.4, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0675.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0675.json new file mode 100644 index 00000000000..ad7d6c323bc --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0675.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0675", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-30T13:15:08.667", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of improper checking for unusual or exceptional conditions\n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version,\n\n the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.4, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0676.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0676.json new file mode 100644 index 00000000000..4605f08282b --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0676.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0676", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-30T13:15:08.913", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Weak password requirement vulnerability \n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version\n\n, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.4, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json index c04986e9d26..5c470754f47 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0778.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0778", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-22T16:15:08.320", - "lastModified": "2024-01-22T19:10:26.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T13:57:06.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." + }, + { + "lang": "es", + "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en Uniview ISC 2500-S hasta 20210930. La funci\u00f3n setNatConfig del archivo /Interface/DevManage/VM.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento natAddress/natPort/natServerPort conduce a la inyecci\u00f3n de comandos del sistema operativo. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251696. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contact\u00f3 con el proveedor primeramente y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +105,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:uniview:isc_2500-s_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20210930", + "matchCriteriaId": "665E0EC0-706A-41CA-87E0-F74C4062F14F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:uniview:isc_2500-s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6671393C-0715-4B88-B64A-5B0E6CA0657D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dezhoutorizhao/cve/blob/main/rce.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251696", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251696", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1016.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1016.json index 88e317e6910..cf02beebf4f 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1016.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1016.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1016", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-29T18:15:07.800", - "lastModified": "2024-01-29T18:15:07.800", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Solar FTP Server 2.1.1/2.1.2. Ha sido declarada problem\u00e1tica. C\u00f3digo desconocido del componente PASV Command Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. VDB-252286 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1017.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1017.json index 305ba3e5638..3a44c2f7115 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1017.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1017.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1017", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-29T19:15:08.637", - "lastModified": "2024-01-29T19:15:08.637", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Gabriels FTP Server 1.2. Ha sido calificada como problem\u00e1tica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n del argumento USERNAME conduce a la denegaci\u00f3n de servicio. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-252287." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1018.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1018.json index e8a23e5ca01..7fd5505369c 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1018.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1018.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1018", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-29T20:15:15.197", - "lastModified": "2024-01-29T20:15:15.197", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en PbootCMS 3.2.5-20230421 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin.php?p=/Area/index#tab=t2 es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252288." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1020.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1020.json index 241fc724b15..3ac38adc56c 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1020.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1020.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1020", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-29T22:15:08.313", - "lastModified": "2024-01-29T22:15:08.313", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Rebuild hasta 3.5.5. La funci\u00f3n getStorageFile del archivo /filex/proxy-download es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252289." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1021.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1021.json index 641f6a603c5..1da72dba9c8 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1021.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1021.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1021", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-29T22:15:08.553", - "lastModified": "2024-01-29T22:15:08.553", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Rebuild hasta 3.5.5 y clasificada como cr\u00edtica. La funci\u00f3n readRawText del componente HTTP Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL conduce a la server-side request forgery. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252290 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1022.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1022.json index 341183fae49..060d85c5f23 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1022.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1022.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1022", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-29T23:15:08.313", - "lastModified": "2024-01-29T23:15:08.313", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en CodeAstro Simple Student Result Management System 5.6 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /add_classes.php del componente Add Class Page afecta a una parte desconocida. La manipulaci\u00f3n del argumento Class Name conduce a cross site scripting. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252291." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1024.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1024.json index 6aaf2dae5ab..0074f4b112f 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1024.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1024.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1024", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T01:15:59.380", - "lastModified": "2024-01-30T01:15:59.380", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester Facebook News Feed Like 1.0 y clasificada como problem\u00e1tica. C\u00f3digo desconocido del componente New Account Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n del argumento First Name/Last Name con la entrada conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252292." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json index 8add28697c5..6b01c15b3f4 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1026.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1026", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T01:15:59.693", - "lastModified": "2024-01-30T01:15:59.693", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Cogites eReserv 7.7.58 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo front/admin/config.php. La manipulaci\u00f3n del argumento id con la entrada %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E conduce a cross site scripting. El ataque puede iniciarse de forma remota. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252293." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1027.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1027.json index f4abb242eb6..39cb41ea722 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1027.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1027.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1027", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T03:15:07.617", - "lastModified": "2024-01-30T03:15:07.617", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester Facebook News Feed Like 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Post Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El identificador de esta vulnerabilidad es VDB-252300." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1028.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1028.json index a536a737a2d..5fdb32eaa45 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1028.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1028.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1028", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T05:15:08.773", - "lastModified": "2024-01-30T05:15:08.773", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester Facebook News Feed Like 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Post Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Description con la entrada HACKED conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252301." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json index ae760776f01..ee363cf7dcd 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1029.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1029", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T06:15:45.633", - "lastModified": "2024-01-30T06:15:45.633", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Cogites eReserv 7.7.58 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /front/admin/tenancyDetail.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Nom con la entrada Dreux\"> conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n se ha divulgado al p\u00fablico y puede usarse VDB-252302 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1030.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1030.json index edefce5d7ca..c71d52fe7a1 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1030.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1030.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-1030", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-30T10:15:08.467", - "lastModified": "2024-01-30T10:15:08.467", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Cogites eReserv 7.7.58. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /front/admin/tenancyDetail.php. La manipulaci\u00f3n del argumento id conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El identificador asociado de esta vulnerabilidad es VDB-252303." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1031.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1031.json new file mode 100644 index 00000000000..6154cf79df0 --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1031.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1031", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-30T13:15:09.123", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": 
"CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://docs.qq.com/doc/DYmhqV3piekZ5dlZi", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252304", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252304", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1032.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1032.json new file mode 100644 index 00000000000..cbcbead0cee --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1032.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1032", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-30T14:15:47.577", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": 
"CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/6ISYe2urjlkI", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252307", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252307", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1033.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1033.json new file mode 100644 index 00000000000..27793eefcf7 --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1033.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1033", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-30T14:15:47.853", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + 
"references": [ + { + "url": "https://note.zhaoj.in/share/nD654ot6zRQZ", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252308", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252308", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1061.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1061.json index 3f918b1d40c..783d184495f 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1061.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1061.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1061", "sourceIdentifier": "vulnreport@tenable.com", "published": "2024-01-30T09:15:48.367", - "lastModified": "2024-01-30T09:15:48.367", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1063.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1063.json index 9ee2e62f7e9..4cbc84523a5 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1063.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1063.json @@ -2,12 +2,16 @@ "id": "CVE-2024-1063", "sourceIdentifier": "vulnreport@tenable.com", "published": "2024-01-30T10:15:09.267", - "lastModified": "2024-01-30T10:15:09.267", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.\n" + }, + { + "lang": "es", + "value": "Appwrite <= v1.4.13 se ve afectada por Server-Side Request Forgery (SSRF) a trav\u00e9s del endpoint '/v1/avatars/favicon' debido a una soluci\u00f3n incompleta de CVE-2023-27159." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json index 0ffffcfb983..bf5c65b29f0 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json 
+++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21488", "sourceIdentifier": "report@snyk.io", "published": "2024-01-30T05:15:09.277", - "lastModified": "2024-01-30T05:15:09.277", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on." + }, + { + "lang": "es", + "value": "Las versiones de la red de paquetes anteriores a la 0.7.0 son vulnerables a la inyecci\u00f3n de comandos arbitrarios debido al uso de la funci\u00f3n ejecutiva child_process sin sanitizaci\u00f3n de entrada. Si se proporciona entrada de usuario (controlada por el atacante) a la funci\u00f3n mac_address_for del paquete, es posible que un atacante ejecute comandos arbitrarios en el sistema operativo en el que se ejecuta este paquete." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21803.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21803.json index dd72997d591..0f020da7ae4 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21803.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21803.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21803", "sourceIdentifier": "security@openanolis.org", "published": "2024-01-30T08:15:41.373", - "lastModified": "2024-01-30T08:15:41.373", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Use After Free en El kernel de Linux en Linux, x86, ARM (m\u00f3dulos bluetooth) permite la ejecuci\u00f3n local de c\u00f3digo. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. Este problema afecta al kernel de Linux: desde v2.6.12-rc2 antes de v6.8-rc1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json index 98f89591506..83a35f7c985 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-21840", "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2024-01-30T03:15:07.867", - "lastModified": "2024-01-30T03:15:07.867", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows\u00a0local users to read and write specific files.\n\nThis issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de permisos predeterminados incorrectos en Hitachi Storage Plug-in para VMware vCenter permite a los usuarios locales leer y escribir archivos espec\u00edficos. Este problema afecta a Hitachi Storage Plug-in para VMware vCenter: desde 04.0.0 hasta 04.9.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json index ac8c595102f..d0f76d8f28b 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22523", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T09:15:48.573", - "lastModified": "2024-01-30T09:15:48.573", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json index ea4a7cd1982..83e1908e158 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22570", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.420", - "lastModified": "2024-01-29T20:15:15.420", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en /install.php?m=install&c=index&a=step3 de GreenCMS v2.3 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json index c24f474896a..e80d5cf5822 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22643.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22643", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:07.950", - "lastModified": "2024-01-30T07:15:07.950", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json index 7d5c61374b2..e7051795b27 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22646.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22646", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.027", - "lastModified": "2024-01-30T07:15:08.027", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json index ca55f74790e..9da46e1958e 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22647.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22647", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.103", - "lastModified": "2024-01-30T07:15:08.103", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json index 50e0245c520..8b4b8a06c02 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22648", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T07:15:08.200", - "lastModified": "2024-01-30T07:15:08.200", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22682.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22682.json index 484f46be376..f658142e1a3 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22682.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22682.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-22682", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:16:00.020", - "lastModified": "2024-01-30T01:16:00.020", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature." + }, + { + "lang": "es", + "value": "DuckDB <=0.9.2 y DuckDB extension-template <=0.9.2 son vulnerables a la inyecci\u00f3n de extensiones maliciosas a trav\u00e9s de la funci\u00f3n de extensi\u00f3n personalizada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22894.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22894.json index 095e15f1095..3f0e3d0cc5b 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22894.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22894.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22894", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T10:15:09.833", - "lastModified": "2024-01-30T10:15:09.833", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps wp2reg-V.3.88.0-9015, allows remote attackers to execute arbitrary code via the password component in the shadow file." + }, + { + "lang": "es", + "value": "Un problema en AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 y Novelan Heatpumps wp2reg-V.3.88.0-9015 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente de contrase\u00f1a en el archivo sombra." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json index 8839a92275b..81396a2924f 100644 --- a/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json 
+++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22938.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22938", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:16:00.077", - "lastModified": "2024-01-30T01:16:00.077", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component." + }, + { + "lang": "es", + "value": "La vulnerabilidad de permisos inseguros en BossCMS v.1.3.0 permite a un atacante local ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de la funci\u00f3n init en el componente admin.class.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23219.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23219.json index 198b480a526..443c13c074e 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23219.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23219.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23219", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.450", - "lastModified": "2024-01-26T17:15:13.057", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-30T14:36:42.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,81 @@ "value": "El problema se solucion\u00f3 con una autenticaci\u00f3n mejorada. Este problema se solucion\u00f3 en iOS 17.3 y iPadOS 17.3. La protecci\u00f3n de dispositivos robados puede desactivarse inesperadamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/33", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json index 4f38895a1fc..d71cb3c175a 100644 
--- a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23222", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.500", - "lastModified": "2024-01-26T18:15:12.997", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-30T14:32:15.580", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2024-01-23", "cisaActionDue": "2024-02-13", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", 
@@ -18,63 +18,220 @@ "value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido aprovechado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartExcluding": "16.0", + "versionEndExcluding": "16.7.5", + "matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartExcluding": "17.0", + "versionEndExcluding": "17.3", + "matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartExcluding": "16.0", + "versionEndExcluding": "16.7.5", + "matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartExcluding": "17.0", + "versionEndExcluding": "17.3", + "matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.7.3", + "matchCriteriaId": "ECD0F581-7DA4-428A-A1F5-C9A86DDD99D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.4", + "matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.3", + "matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "17.3", + "matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/27", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/33", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/34", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/36", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { 
"url": "http://seclists.org/fulldisclosure/2024/Jan/37", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/38", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/40", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214055", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214056", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214057", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214058", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214059", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214061", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT214063", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
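Review bot: In the `configurations` block this hunk adds for CVE-2024-23222, the four `ipados`/`iphone_os` entries use `"versionStartExcluding": "16.0"` and `"versionStartExcluding": "17.0"`, while the three `macos` entries use `versionStartIncluding`. As written, a scanner matching on these ranges will not flag a device on exactly 16.0 or 17.0, which looks unintended given that the description names 16.7.5 and 17.3 as the fixed releases. The Safari entry is also typed as an operating system (`cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*`), so inventories that record Safari as an application will presumably not match it. I would expect `"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"` and `versionStartIncluding` on the iOS/iPadOS entries. The record carries `cisaExploitAdd`, so a missed match is costly here; the values appear to be mirrored from the upstream feed, so the fix belongs there, and consumers should not rely on these CPE ranges alone for this CVE.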
diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23334.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23334.json index 22951690424..01b4fb33e3f 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23334.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23334.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23334", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-29T23:15:08.563", - "lastModified": "2024-01-29T23:15:08.563", - "vulnStatus": "Received", + "lastModified": "2024-01-30T14:18:33.837", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue." + }, + { + "lang": "es", + "value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Cuando se utiliza aiohttp como servidor web y se configuran rutas est\u00e1ticas, es necesario especificar la ruta ra\u00edz para los archivos est\u00e1ticos. Adem\u00e1s, la opci\u00f3n 'follow_symlinks' se puede utilizar para determinar si se deben seguir enlaces simb\u00f3licos fuera del directorio ra\u00edz est\u00e1tico. Cuando 'follow_symlinks' se establece en Verdadero, no hay validaci\u00f3n para verificar si la lectura de un archivo est\u00e1 dentro del directorio ra\u00edz. Esto puede generar vulnerabilidades de directory traversal, lo que resulta en acceso no autorizado a archivos arbitrarios en el sistema, incluso cuando no hay enlaces simb\u00f3licos presentes. Se recomiendan como mitigaciones deshabilitar follow_symlinks y usar un proxy inverso. 
La versi\u00f3n 3.9.2 soluciona este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23339.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23339.json index ea4a9796238..671d613ec1f 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23339.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23339.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23339", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-22T23:15:08.413", - "lastModified": "2024-01-23T13:44:14.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-30T14:30:28.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +70,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:elijahharry:hoolock:*:*:*:*:*:node.js:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.2.1",
+ "matchCriteriaId": "C4DE5F97-F88D-4551-9194-4620945DA9C9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23340.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23340.json
index 4d715465c94..33643164e00 100644
--- a/CVE-2024/CVE-2024-233xx/CVE-2024-23340.json
+++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23340.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-23340",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-22T23:15:08.637",
- "lastModified": "2024-01-23T13:44:14.167",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-30T14:30:38.267",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,18 +70,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hono:node-server:*:*:*:*:*:node.js:*:*",
+ "versionStartIncluding": "1.3.0",
+ "versionEndExcluding": "1.4.1",
+ "matchCriteriaId": "050ADA00-CAFF-4B7D-AB88-92F4196D1289"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/honojs/node-server/blob/8cea466fd05e6d2e99c28011fc0e2c2d3f3397c9/src/request.ts#L43-L45",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://github.com/honojs/node-server/commit/dd9b9a9b23e3896403c90a740e7f1f0892feb402",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/honojs/node-server/security/advisories/GHSA-rjq5-w47x-x359",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json
index a53c88dd59d..845e6b589ad 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23829",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-29T23:15:08.767",
- "lastModified": "2024-01-29T23:15:08.767",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "aiohttp es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. Las partes sensibles a la seguridad del analizador HTTP de Python conservaron diferencias menores en los conjuntos de caracteres permitidos, que deben activar el manejo de errores para hacer coincidir de manera s\u00f3lida los l\u00edmites de marco de los servidores proxy para proteger contra la inyecci\u00f3n de solicitudes adicionales. Adem\u00e1s, la validaci\u00f3n podr\u00eda desencadenar excepciones que no se manejaron de manera consistente con el procesamiento de otras entradas con formato incorrecto. Ser m\u00e1s indulgente de lo que exigen los est\u00e1ndares de Internet podr\u00eda, seg\u00fan el entorno de implementaci\u00f3n, ayudar en el contrabando de solicitudes. La excepci\u00f3n no controlada podr\u00eda causar un consumo excesivo de recursos en el servidor de aplicaciones y/o sus instalaciones de registro. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2023-47627. La versi\u00f3n 3.9.2 corrige esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json
index 4b63c4aae1b..cff9e6e11a3 100644
--- a/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json
+++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23940",
 "sourceIdentifier": "security@trendmicro.com",
 "published": "2024-01-29T19:15:08.887",
- "lastModified": "2024-01-29T19:15:08.887",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system."
+ },
+ {
+ "lang": "es",
+ "value": "Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versi\u00f3n 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podr\u00eda permitir a un atacante hacerse pasar por una librer\u00eda y modificarla para ejecutar c\u00f3digo en el sistema y, en \u00faltima instancia, escalar privilegios en un sistema afectado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json
index 8b91fcb824c..768b67b3ea7 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24134.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24134",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T19:15:08.940",
- "lastModified": "2024-01-29T19:15:08.940",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section."
+ },
+ {
+ "lang": "es",
+ "value": "Sourcecodester Online Food Menu 1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de los campos 'Menu Name' y 'Description' en la secci\u00f3n Update Menu."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24135.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24135.json
index f8fe6660f45..8fee783a49d 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24135.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24135.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24135",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T19:15:08.990",
- "lastModified": "2024-01-29T19:15:08.990",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks."
+ },
+ {
+ "lang": "es",
+ "value": "Product Name y Product Code en la secci\u00f3n 'Add Product' de Sourcecodester Product Inventory with Export to Excel 1.0 son vulnerables a ataques XSS."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json
index f5850d372e2..1249a5442f8 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24136",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T20:15:15.467",
- "lastModified": "2024-01-29T20:15:15.467",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El campo 'Your Name' en la secci\u00f3n Submit Score de Sourcecodester Math Game con Leaderboard v1.0 es vulnerable a ataques de Cross-Site Scripting (XSS)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json
index f31cd1b1a7e..e25d790e851 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24139.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24139",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T20:15:15.517",
- "lastModified": "2024-01-29T20:15:15.517",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter."
+ },
+ {
+ "lang": "es",
+ "value": "El sistema de inicio de sesi\u00f3n Sourcecodester Login System with Email Verification 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'user'."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json
index 9556357bee3..6c6866f49ed 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24140.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24140",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T20:15:15.557",
- "lastModified": "2024-01-29T20:15:15.557",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Sourcecodester Daily Habit Tracker 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'tracker'."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json
index b48a33720af..37a6de40ac3 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24141.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24141",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T20:15:15.600",
- "lastModified": "2024-01-29T20:15:15.600",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-30T14:18:33.837",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Sourcecodester School Task Manager 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'task'."
 }
 ],
 "metrics": {},
diff --git a/README.md b/README.md
index 41057d26f2f..e9f85472853 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-30T11:00:24.962970+00:00 +2024-01-30T15:00:25.970047+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-30T10:15:09.833000+00:00 +2024-01-30T14:56:48.577000+00:00 ``` ### Last Data Feed Release
@@ -29,31 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237114 +237120 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `6` -* [CVE-2023-36259](CVE-2023/CVE-2023-362xx/CVE-2023-36259.json) (`2024-01-30T09:15:47.377`) -* [CVE-2023-36260](CVE-2023/CVE-2023-362xx/CVE-2023-36260.json) (`2024-01-30T09:15:47.440`) -* [CVE-2023-6374](CVE-2023/CVE-2023-63xx/CVE-2023-6374.json) (`2024-01-30T09:15:47.520`) -* [CVE-2023-6942](CVE-2023/CVE-2023-69xx/CVE-2023-6942.json) (`2024-01-30T09:15:47.757`) -* [CVE-2023-6943](CVE-2023/CVE-2023-69xx/CVE-2023-6943.json) (`2024-01-30T09:15:47.960`) -* [CVE-2024-1061](CVE-2024/CVE-2024-10xx/CVE-2024-1061.json) (`2024-01-30T09:15:48.367`) -* [CVE-2024-22523](CVE-2024/CVE-2024-225xx/CVE-2024-22523.json) (`2024-01-30T09:15:48.573`) -* [CVE-2024-1030](CVE-2024/CVE-2024-10xx/CVE-2024-1030.json) (`2024-01-30T10:15:08.467`) -* [CVE-2024-1063](CVE-2024/CVE-2024-10xx/CVE-2024-1063.json) (`2024-01-30T10:15:09.267`) -* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-01-30T10:15:09.833`) +* [CVE-2024-0674](CVE-2024/CVE-2024-06xx/CVE-2024-0674.json) (`2024-01-30T13:15:08.330`) +* [CVE-2024-0675](CVE-2024/CVE-2024-06xx/CVE-2024-0675.json) (`2024-01-30T13:15:08.667`) +* [CVE-2024-0676](CVE-2024/CVE-2024-06xx/CVE-2024-0676.json) (`2024-01-30T13:15:08.913`) +* [CVE-2024-1031](CVE-2024/CVE-2024-10xx/CVE-2024-1031.json) (`2024-01-30T13:15:09.123`) +* [CVE-2024-1032](CVE-2024/CVE-2024-10xx/CVE-2024-1032.json) (`2024-01-30T14:15:47.577`) +* [CVE-2024-1033](CVE-2024/CVE-2024-10xx/CVE-2024-1033.json) (`2024-01-30T14:15:47.853`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `78` -* [CVE-2024-1014](CVE-2024/CVE-2024-10xx/CVE-2024-1014.json) (`2024-01-30T09:15:48.173`) -* [CVE-2024-1015](CVE-2024/CVE-2024-10xx/CVE-2024-1015.json) (`2024-01-30T09:15:48.277`) +* 
[CVE-2024-23334](CVE-2024/CVE-2024-233xx/CVE-2024-23334.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1024](CVE-2024/CVE-2024-10xx/CVE-2024-1024.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1026](CVE-2024/CVE-2024-10xx/CVE-2024-1026.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22682](CVE-2024/CVE-2024-226xx/CVE-2024-22682.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22938](CVE-2024/CVE-2024-229xx/CVE-2024-22938.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1027](CVE-2024/CVE-2024-10xx/CVE-2024-1027.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1028](CVE-2024/CVE-2024-10xx/CVE-2024-1028.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1029](CVE-2024/CVE-2024-10xx/CVE-2024-1029.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22643](CVE-2024/CVE-2024-226xx/CVE-2024-22643.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22646](CVE-2024/CVE-2024-226xx/CVE-2024-22646.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22647](CVE-2024/CVE-2024-226xx/CVE-2024-22647.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22648](CVE-2024/CVE-2024-226xx/CVE-2024-22648.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-21803](CVE-2024/CVE-2024-218xx/CVE-2024-21803.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1061](CVE-2024/CVE-2024-10xx/CVE-2024-1061.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22523](CVE-2024/CVE-2024-225xx/CVE-2024-22523.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1030](CVE-2024/CVE-2024-10xx/CVE-2024-1030.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-1063](CVE-2024/CVE-2024-10xx/CVE-2024-1063.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-01-30T14:18:33.837`) +* [CVE-2024-23339](CVE-2024/CVE-2024-233xx/CVE-2024-23339.json) 
(`2024-01-30T14:30:28.343`) +* [CVE-2024-23340](CVE-2024/CVE-2024-233xx/CVE-2024-23340.json) (`2024-01-30T14:30:38.267`) +* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-30T14:32:15.580`) +* [CVE-2024-23219](CVE-2024/CVE-2024-232xx/CVE-2024-23219.json) (`2024-01-30T14:36:42.017`) ## Download and Usage