admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-23T15:00:25.055191+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-23 15:00:28 +00:00
parent 76a1d9d0a0
commit a96babbefb
105 changed files with 2543 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2021/CVE-2021-35xx/CVE-2021-3533.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-3533",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-06-09T12:15:08.457",
"lastModified": "2024-01-15T17:15:08.377",
"lastModified": "2024-01-23T13:15:44.970",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE is marked as INVALID and not a bug"
"value": "Rejected reason: This vulnerability does not meet the criteria for a security vulnerability"
}
],
"metrics": {},

8
CVE-2021/CVE-2021-421xx/CVE-2021-42141.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-42141",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T23:15:08.120",
"lastModified": "2024-01-22T23:15:08.120",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podr\u00eda completarse con diferentes n\u00fameros de \u00e9poca en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},

69
CVE-2022/CVE-2022-37xx/CVE-2022-3764.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-3764",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.030",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T13:55:28.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The plugin does not filter the \"delete_entries\" parameter from user requests, leading to an SQL Injection vulnerability."
},
{
"lang": "es",
"value": "El complemento no filtra el par\u00e1metro \"delete_entries\" de las solicitudes de los usuarios, lo que genera una vulnerabilidad de inyecci\u00f3n SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:form_vibes:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.6",
"matchCriteriaId": "6EB67144-2D5F-418B-B82D-294BF8B3B63B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/9d49df6b-e2f1-4662-90d2-84c29c3b1cb0/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-38xx/CVE-2022-3829.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-3829",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.080",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:01:44.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento de WordPress Font Awesome 4 Menus hasta la versi\u00f3n 4.7.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:newnine:font_awesome_4_menus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.7.0",
"matchCriteriaId": "C72960B8-CAEB-4DF6-8FCA-76EA3847B8E9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/684941ad-541f-43f9-a7ef-d26c0f4e6e21/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-14xx/CVE-2023-1405.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-1405",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.717",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:28:58.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present."
},
{
"lang": "es",
"value": "El complemento de WordPress Formidable Forms anterior a 6.2 deserializa la entrada del usuario, lo que podr\u00eda permitir a usuarios an\u00f3nimos realizar inyecci\u00f3n de objetos PHP cuando hay presente un dispositivo adecuado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.2",
"matchCriteriaId": "BF05B624-859B-4919-9F75-2FD60CADA142"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/8c727a31-ff65-4472-8191-b1becc08192a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-241xx/CVE-2023-24135.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-24135",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T21:15:08.793",
"lastModified": "2024-01-22T21:15:08.793",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Jensen de Scandinavia Eagle 1200AC V15.03.06.33_en contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formWriteFacMac. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante la manipulaci\u00f3n del par\u00e1metro mac."
}
],
"metrics": {},

69
CVE-2023/CVE-2023-26xx/CVE-2023-2655.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-2655",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.830",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:15:12.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento Contact Form de WD WordPress hasta la versi\u00f3n 1.13.23 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-dorado:contact_form_maker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.13.23",
"matchCriteriaId": "351FA2A8-A121-4334-AA2A-8CF3D6CD5D68"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/b3f2d38f-8eeb-45e9-bb58-2957e416e1cd/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-375xx/CVE-2023-37521.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37521",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-16T16:15:10.893",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:21:58.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.\n"
},
{
"lang": "es",
"value": "HCL BigFix Bare OSD Metal Server WebUI versi\u00f3n 311.19 o inferior a veces puede incluir informaci\u00f3n confidencial en una cadena de consulta que podr\u00eda permitir a un atacante ejecutar un ataque malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:bigfix_bare_osd_metal_server_webui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "311.28",
"matchCriteriaId": "EC54BBC6-5CEF-4D80-B458-C289E3ED18C9"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-380xx/CVE-2023-38039.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38039",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-15T04:15:10.127",
"lastModified": "2024-01-22T19:15:08.230",
"lastModified": "2024-01-23T14:15:37.020",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -122,6 +122,10 @@
"url": "https://security.netapp.com/advisory/ntap-20231013-0005/",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214057",
"source": "support@hackerone.com"

6
CVE-2023/CVE-2023-385xx/CVE-2023-38545.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38545",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.077",
"lastModified": "2024-01-22T19:15:08.340",
"lastModified": "2024-01-23T14:15:37.120",
"vulnStatus": "Modified",
"descriptions": [
{
@ -138,6 +138,10 @@
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214057",
"source": "support@hackerone.com"

6
CVE-2023/CVE-2023-385xx/CVE-2023-38546.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38546",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-10-18T04:15:11.137",
"lastModified": "2024-01-22T19:15:08.437",
"lastModified": "2024-01-23T14:15:37.220",
"vulnStatus": "Modified",
"descriptions": [
{
@ -82,6 +82,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "support@hackerone.com"
},
{
"url": "https://support.apple.com/kb/HT214057",
"source": "support@hackerone.com"

8
CVE-2023/CVE-2023-391xx/CVE-2023-39197.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39197",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-23T03:15:11.683",
"lastModified": "2024-01-23T03:15:11.683",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en Netfilter Connection Tracking (conntrack) en el kernel de Linux. Esta falla permite que un usuario remoto revele informaci\u00f3n confidencial a trav\u00e9s del protocolo DCCP."
}
],
"metrics": {

24
CVE-2023/CVE-2023-405xx/CVE-2023-40528.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40528",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.620",
"lastModified": "2024-01-23T01:15:09.620",
"vulnStatus": "Received",
"lastModified": "2024-01-23T14:15:37.300",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 y iPadOS 17, macOS Ventura 13.6.4. Es posible que una aplicaci\u00f3n pueda eludir las preferencias de privacidad."
}
],
"metrics": {},
@ -31,6 +35,22 @@
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213936",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213937",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213938",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT213940",
"source": "product-security@apple.com"
}
]
}

8
CVE-2023/CVE-2023-428xx/CVE-2023-42881.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42881",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.840",
"lastModified": "2024-01-23T01:15:09.840",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.2. El procesamiento de un archivo puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},

12
CVE-2023/CVE-2023-428xx/CVE-2023-42887.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42887",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.910",
"lastModified": "2024-01-23T01:15:09.910",
"vulnStatus": "Received",
"lastModified": "2024-01-23T14:15:37.360",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales de la sandbox. Este problema se solucion\u00f3 en macOS Ventura 13.6.4, macOS Sonoma 14.2. Es posible que una aplicaci\u00f3n pueda leer archivos arbitrarios."
}
],
"metrics": {},
@ -19,6 +23,10 @@
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
}
]
}

20
CVE-2023/CVE-2023-428xx/CVE-2023-42888.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42888",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:09.980",
"lastModified": "2024-01-23T01:15:09.980",
"vulnStatus": "Received",
"lastModified": "2024-01-23T14:15:37.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.5 y iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 y iPadOS 17.2. El procesamiento de una imagen creada con fines malintencionados puede provocar la divulgaci\u00f3n de la memoria del proceso."
}
],
"metrics": {},
@ -35,6 +39,18 @@
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214041",
"source": "product-security@apple.com"
}
]
}

12
CVE-2023/CVE-2023-429xx/CVE-2023-42915.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42915",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.123",
"lastModified": "2024-01-23T01:15:10.123",
"vulnStatus": "Received",
"lastModified": "2024-01-23T14:15:37.453",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple issues were addressed by updating to curl version 8.4.0. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 and iPadOS 16.7.5. Multiple issues in curl."
},
{
"lang": "es",
"value": "Se solucionaron varios problemas actualizando a la versi\u00f3n 8.4.0 de curl. Este problema se solucion\u00f3 en macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 y iPadOS 16.7.5. M\u00faltiples problemas en curl."
}
],
"metrics": {},
@ -27,6 +31,10 @@
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
}
]
}

8
CVE-2023/CVE-2023-429xx/CVE-2023-42935.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42935",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.170",
"lastModified": "2024-01-23T03:15:12.183",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user\u2019s desktop from the fast user switching screen."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.6.4. Un atacante local puede ver el escritorio del usuario que inici\u00f3 sesi\u00f3n anteriormente desde la pantalla de cambio r\u00e1pido de usuario."
}
],
"metrics": {},

20
CVE-2023/CVE-2023-429xx/CVE-2023-42937.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42937",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.217",
"lastModified": "2024-01-23T01:15:10.217",
"vulnStatus": "Received",
"lastModified": "2024-01-23T14:15:37.497",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 16.7.5 y iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 y iPadOS 17.2. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
@ -35,6 +39,18 @@
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214035",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214036",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214041",
"source": "product-security@apple.com"
}
]
}

59
CVE-2023/CVE-2023-444xx/CVE-2023-44401.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44401",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T14:15:37.540",
"lastModified": "2024-01-23T14:15:37.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p",
"source": "security-advisories@github.com"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-463xx/CVE-2023-46343.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-46343",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T10:15:10.383",
"lastModified": "2024-01-23T10:15:10.383",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c."
},
{
"lang": "es",
"value": "En el kernel de Linux anterior a 6.5.9, hay una desreferencia de puntero NULL en send_acknowledge en net/nfc/nci/spi.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-471xx/CVE-2023-47141.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47141",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-22T21:15:09.367",
"lastModified": "2024-01-22T21:15:09.367",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264."
},
{
"lang": "es",
"value": "IIBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 podr\u00eda permitir que un usuario autenticado con privilegios CONNECT provoque una denegaci\u00f3n de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 270264."
}
],
"metrics": {

69
CVE-2023/CVE-2023-47xx/CVE-2023-4797.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-4797",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.400",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:25:23.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server."
},
{
"lang": "es",
"value": "El complemento Newsletters de WordPress anterior a 4.9.3 no escapa adecuadamente a los par\u00e1metros controlados por el usuario cuando se agregan a consultas SQL y comandos de shell, lo que podr\u00eda permitir a un administrador ejecutar comandos arbitrarios en el servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.9.3",
"matchCriteriaId": "333D41F9-407B-4B09-ACDA-09198D07F7E4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/de169fc7-f388-4abb-ab94-12522fd1ac92/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-487xx/CVE-2023-48714.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-48714",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T14:15:37.780",
"lastModified": "2024-01-23T14:15:37.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v",
"source": "security-advisories@github.com"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714",
"source": "security-advisories@github.com"
}
]
}

74
CVE-2023/CVE-2023-491xx/CVE-2023-49106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49106",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2024-01-16T01:15:34.423",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T13:51:31.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -50,10 +80,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.8.5-04",
"matchCriteriaId": "E39EB7AF-1820-4285-ADBA-9BE2C6EAF15A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html",
"source": "hirt@hitachi.co.jp"
"source": "hirt@hitachi.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-491xx/CVE-2023-49107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49107",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2024-01-16T01:15:34.630",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:04:46.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -50,10 +80,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.8.5-04",
"matchCriteriaId": "E39EB7AF-1820-4285-ADBA-9BE2C6EAF15A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html",
"source": "hirt@hitachi.co.jp"
"source": "hirt@hitachi.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-497xx/CVE-2023-49783.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49783",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T14:15:37.967",
"lastModified": "2024-01-23T14:15:37.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-j3m6-gvm8-mhvw",
"source": "security-advisories@github.com"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-49783",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-510xx/CVE-2023-51042.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51042",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T11:15:08.703",
"lastModified": "2024-01-23T11:15:08.703",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-510xx/CVE-2023-51043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51043",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T11:15:08.820",
"lastModified": "2024-01-23T11:15:08.820",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

78
CVE-2023/CVE-2023-518xx/CVE-2023-51807.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-51807",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T23:15:08.140",
"lastModified": "2024-01-17T00:03:29.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:45:29.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting en OFCMS v.1.14 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para el componente title addition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ofcms_project:ofcms:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BEC359-FBFB-4504-A489-ABB933E1DFEF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/oufu/ofcms",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gitee.com/oufu/ofcms/issues/I7OAU2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Issue Tracking"
]
},
{
"url": "https://github.com/Phantom4me/CVE-Management/blob/main/CVE-2023-51807.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

69
CVE-2023/CVE-2023-55xx/CVE-2023-5558.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5558",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.443",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:31:49.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
},
{
"lang": "es",
"value": "El complemento LearnPress WordPress anterior a 4.2.5.5 no sanitiza ni escapa a la entrada del usuario antes de devolverla a la p\u00e1gina, lo que genera cross site scripting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2.5.5",
"matchCriteriaId": "9B0CA633-72A5-4BFD-AE42-95AF31F88BD0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/4efd2a4d-89bd-472f-ba5a-f9944fd4dd16/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-59xx/CVE-2023-5922.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5922",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.487",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:45:17.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content"
},
{
"lang": "es",
"value": "El complemento de WordPress Royal Elementor Addons and Templates anterior a 1.3.81 no garantiza que los usuarios que acceden a publicaciones a trav\u00e9s de una acci\u00f3n AJAX (y el endpoint REST, actualmente deshabilitado en el complemento) tengan derecho a hacerlo, lo que permite a usuarios no autenticados acceder a borradores arbitrarios, privados. y contenido de publicaciones/p\u00e1ginas protegidas con contrase\u00f1a"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.81",
"matchCriteriaId": "53562301-578E-4A72-9A44-733B232DCA7E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-62xx/CVE-2023-6292.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6292",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.640",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:47:58.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento de WordPress Ecwid Ecommerce Shopping Cart anterior a 6.12.5 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lightspeedhq:ecwid_ecommerce_shopping_cart:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.12.5",
"matchCriteriaId": "0FA181E9-AFED-44AC-B43F-77A2CB4A7E9A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d4cf799e-2571-4b96-a303-78dcafbfcf40/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-63xx/CVE-2023-6373.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6373",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.693",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:53:25.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the \"id\" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above)"
},
{
"lang": "es",
"value": "El complemento ArtPlacer Widget de WordPress anterior a 2.20.7 no sanitiza ni escapa del par\u00e1metro \"id\" antes de enviar la consulta, lo que genera un SQLI explotable por los editores y superiores. Nota: Debido a la falta de verificaci\u00f3n CSRF, el problema tambi\u00e9n podr\u00eda explotarse a trav\u00e9s de un CSRF contra un editor registrado (o superior)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artplacer:artplacer_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.20.6",
"matchCriteriaId": "E875555F-CD27-4807-9551-79C8346B14A8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/afc11c92-a7c5-4e55-8f34-f2235438bd1b/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-65xx/CVE-2023-6592.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-6592",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.750",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:56:28.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files."
},
{
"lang": "es",
"value": "El complemento FastDup de WordPress anterior a 2.2 no impide el listado de directorios en directorios confidenciales que contienen archivos de exportaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:fastdup:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "50436D04-3724-4E56-84D5-64C30A61C930"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-67xx/CVE-2023-6732.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-6732",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:13.817",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:59:59.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": "El complemento de WordPress Ultimate Maps by Supsystic anterior a 1.2.16 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supsystic:ultimate_maps:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.16",
"matchCriteriaId": "443DECAC-FA9B-4431-807E-0059ACC223A9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-05xx/CVE-2024-0587.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0587",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-23T07:15:52.623",
"lastModified": "2024-01-23T07:15:52.623",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento AMP para WP \u2013 Accelerated Mobile Pages para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'disqus_name' en todas las versiones hasta la 1.0.92.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en el archivo JS ejecutado. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

4
CVE-2024/CVE-2024-07xx/CVE-2024-0703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0703",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-23T11:15:08.880",
"lastModified": "2024-01-23T11:15:08.880",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

32
CVE-2024/CVE-2024-07xx/CVE-2024-0741.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0741",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.173",
"lastModified": "2024-01-23T14:15:38.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0742.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0742",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.230",
"lastModified": "2024-01-23T14:15:38.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-07xx/CVE-2024-0743.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0743",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.280",
"lastModified": "2024-01-23T14:15:38.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-07xx/CVE-2024-0744.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0744",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.327",
"lastModified": "2024-01-23T14:15:38.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871089",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-07xx/CVE-2024-0745.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0745",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.373",
"lastModified": "2024-01-23T14:15:38.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0746.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0746",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.417",
"lastModified": "2024-01-23T14:15:38.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0747.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0747",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.463",
"lastModified": "2024-01-23T14:15:38.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-07xx/CVE-2024-0748.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0748",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.507",
"lastModified": "2024-01-23T14:15:38.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783504",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0749.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0749",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.550",
"lastModified": "2024-01-23T14:15:38.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0750.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0750",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.597",
"lastModified": "2024-01-23T14:15:38.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0751.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0751",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.643",
"lastModified": "2024-01-23T14:15:38.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-07xx/CVE-2024-0752.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0752",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.693",
"lastModified": "2024-01-23T14:15:38.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866840",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0753.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0753",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.730",
"lastModified": "2024-01-23T14:15:38.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-07xx/CVE-2024-0754.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0754",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.777",
"lastModified": "2024-01-23T14:15:38.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871605",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
}
]
}

32
CVE-2024/CVE-2024-07xx/CVE-2024-0755.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-0755",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.820",
"lastModified": "2024-01-23T14:15:38.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
}
]
}

4
CVE-2024/CVE-2024-220xx/CVE-2024-22076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22076",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T11:15:09.233",
"lastModified": "2024-01-23T11:15:09.233",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

57
CVE-2024/CVE-2024-224xx/CVE-2024-22428.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22428",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-01-16T04:15:08.067",
"lastModified": "2024-01-16T13:56:05.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:13:19.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.2.0.0",
"matchCriteriaId": "CF8A2D97-2E01-4726-9C55-640B7CA80314"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-224xx/CVE-2024-22491.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2024-22491",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T19:15:09.080",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:28:45.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting almacenado (XSS) en beetl-bbs 2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de contenido post/save ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:beetl-bbs_project:beetl-bbs:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D511D79C-25A7-4836-91CF-20770E174374"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

67
CVE-2024/CVE-2024-226xx/CVE-2024-22601.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2024-22601",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T17:15:14.417",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:23:11.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save"
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/score/scorerule_save"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ljw11e/cms/blob/main/5.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-226xx/CVE-2024-22603.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22603",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T17:15:14.480",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:23:38.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link"
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/links/add_link"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ljw11e/cms/blob/main/4.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-226xx/CVE-2024-22699.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22699",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T16:15:09.020",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:22:44.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save."
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/admin/update_group_save."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/biantaibao/cms/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-227xx/CVE-2024-22705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22705",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T11:15:09.327",
"lastModified": "2024-01-23T11:15:09.327",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-227xx/CVE-2024-22768.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22768",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:08.690",
"lastModified": "2024-01-23T05:15:08.690",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.\n"
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR HVR-4781 1.03~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-227xx/CVE-2024-22769.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22769",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:08.990",
"lastModified": "2024-01-23T05:15:08.990",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR HVR-8781 1.03~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-227xx/CVE-2024-22770.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22770",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:09.333",
"lastModified": "2024-01-23T05:15:09.333",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR HVR-16781 1.03~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-227xx/CVE-2024-22771.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22771",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:09.563",
"lastModified": "2024-01-23T05:15:09.563",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR LGUVR-4H 1.02~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-227xx/CVE-2024-22772.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22772",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:09.800",
"lastModified": "2024-01-23T05:15:09.800",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR LGUVR-8H 1.02~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."
}
],
"metrics": {

68
CVE-2024/CVE-2024-228xx/CVE-2024-22817.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22817",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T17:15:14.530",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:23:18.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte"
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/email/email_conf_updagte"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mafangqian/cms/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-228xx/CVE-2024-22818.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22818",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T17:15:14.577",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:23:46.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save"
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/site/filterKeyword_save"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mafangqian/cms/blob/main/3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-228xx/CVE-2024-22819.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-22819",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T17:15:14.623",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-23T14:23:51.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update."
},
{
"lang": "es",
"value": "FlyCms v1.0 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /system/email/email_templets_update."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flycms_project:flycms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85DEB820-5DE8-48ED-8E13-72B868382601"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mafangqian/cms/blob/main/2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-231xx/CVE-2024-23180.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23180",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-23T10:15:10.440",
"lastModified": "2024-01-23T10:15:10.440",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. 2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario cargando un archivo SVG especialmente manipulado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-231xx/CVE-2024-23181.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23181",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-23T10:15:10.493",
"lastModified": "2024-01-23T10:15:10.493",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. .2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto no autenticado ejecutar un script arbitrario en el navegador web del usuario que ha iniciado sesi\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-231xx/CVE-2024-23182.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23182",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-23T10:15:10.540",
"lastModified": "2024-01-23T10:15:10.540",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal relativo en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. 2.11.58, versiones de la serie Ver.2.10.x anteriores a Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado eliminar archivos arbitrarios en el servidor."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-231xx/CVE-2024-23183.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23183",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-23T10:15:10.590",
"lastModified": "2024-01-23T10:15:10.590",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. .2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar un script arbitrario en el navegador web del usuario que ha iniciado sesi\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23203.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23203",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.740",
"lastModified": "2024-01-23T01:15:10.740",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, iOS 17.3 y iPadOS 17.3. Un acceso directo puede utilizar datos confidenciales con determinadas acciones sin avisar al usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23204.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23204",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.787",
"lastModified": "2024-01-23T01:15:10.787",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 y iPadOS 17.3. Un acceso directo puede utilizar datos confidenciales con determinadas acciones sin avisar al usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23206.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23206",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.840",
"lastModified": "2024-01-23T01:15:10.840",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de acceso mejorando las restricciones de acceso. Este problema se solucion\u00f3 en watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23207.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23207",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.887",
"lastModified": "2024-01-23T01:15:10.887",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en watchOS 10.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23208.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23208",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.930",
"lastModified": "2024-01-23T01:15:10.930",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23209.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23209",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.977",
"lastModified": "2024-01-23T01:15:10.977",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.3. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23210.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23210",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.033",
"lastModified": "2024-01-23T01:15:11.033",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs."
},
{
"lang": "es",
"value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda ver el n\u00famero de tel\u00e9fono de un usuario en los registros del sistema."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23211.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23211",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.087",
"lastModified": "2024-01-23T01:15:11.087",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de las preferencias del usuario. Este problema se solucion\u00f3 en watchOS 10.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. La actividad de navegaci\u00f3n privada de un usuario puede ser visible en Configuraci\u00f3n."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23212.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23212",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.133",
"lastModified": "2024-01-23T01:15:11.133",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23213.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23213",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.183",
"lastModified": "2024-01-23T01:15:11.183",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23214.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23214",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.230",
"lastModified": "2024-01-23T01:15:11.230",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucionaron m\u00faltiples problemas de corrupci\u00f3n de memoria con un manejo mejorado de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, iOS 17.3 y iPadOS 17.3. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23215.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23215",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.300",
"lastModified": "2024-01-23T01:15:11.300",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema con el manejo mejorado de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23217.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23217",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.360",
"lastModified": "2024-01-23T01:15:11.360",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda omitir ciertas preferencias de privacidad."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23218.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23218",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.403",
"lastModified": "2024-01-23T01:15:11.403",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema del canal lateral de temporizaci\u00f3n con mejoras en el c\u00e1lculo de tiempo constante en funciones criptogr\u00e1ficas. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Un atacante puede descifrar textos cifrados RSA PKCS#1 v1.5 heredados sin tener la clave privada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23219.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23219",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.450",
"lastModified": "2024-01-23T01:15:11.450",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con una autenticaci\u00f3n mejorada. Este problema se solucion\u00f3 en iOS 17.3 y iPadOS 17.3. La protecci\u00f3n de dispositivos robados puede desactivarse inesperadamente."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23222.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.500",
"lastModified": "2024-01-23T01:15:11.500",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de confusi\u00f3n de tipos con comprobaciones mejoradas. Este problema se solucion\u00f3 en tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido aprovechado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23223.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23223",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.557",
"lastModified": "2024-01-23T01:15:11.557",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-232xx/CVE-2024-23224.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23224",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.600",
"lastModified": "2024-01-23T01:15:11.600",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.3, macOS Ventura 13.6.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-233xx/CVE-2024-23339.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23339",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-22T23:15:08.413",
"lastModified": "2024-01-22T23:15:08.413",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties."
},
{
"lang": "es",
"value": "hoolock es un conjunto de utilidades livianas manipuladas para ocupar poco espacio cuando se incluyen en paquete. A partir de la versi\u00f3n 2.0.0 y antes de la versi\u00f3n 2.2.1, las funciones de utilidad relacionadas con las rutas de los objetos (`get`, `set` y `update`) no bloqueaban los intentos de acceder o alterar los prototipos de objetos. A partir de la versi\u00f3n 2.2.1, las funciones `get`, `set` y `update` arrojan un `TypeError` cuando un usuario intenta acceder o modificar propiedades heredadas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-233xx/CVE-2024-23340.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23340",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-22T23:15:08.637",
"lastModified": "2024-01-22T23:15:08.637",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called \"double dots\", the URL string returned by Request will be in the resolved path. However, the `url` in @hono/node-server's Request as does not resolve double dots, so `http://localhost/static/.. /foo.txt` is returned. This causes vulnerabilities when using `serveStatic`. Modern web browsers and a latest `curl` command resolve double dots on the client side, so this issue doesn't affect those using either of those tools. However, problems may occur if accessed by a client that does not resolve them. Version 1.4.1 includes the change to fix this issue. As a workaround, don't use `serveStatic`.\n\n"
},
{
"lang": "es",
"value": "@hono/node-server es un adaptador que permite a los usuarios ejecutar aplicaciones Hono en Node.js. Desde v1.3.0, @hono/node-server ha utilizado su propio objeto Request con un comportamiento de `url` inesperado. En la API est\u00e1ndar, si la URL contiene `..`, aqu\u00ed denominada \"puntos dobles\", la cadena de URL devuelta por la Solicitud estar\u00e1 en la ruta resuelta. Sin embargo, la `url` en la solicitud de @hono/node-server no resuelve los puntos dobles, por lo que se devuelve `http://localhost/static/.. /foo.txt`. Esto provoca vulnerabilidades al utilizar `serveStatic`. Los navegadores web modernos y el \u00faltimo comando `curl` resuelven los puntos dobles en el lado del cliente, por lo que este problema no afecta a quienes utilizan cualquiera de esas herramientas. Sin embargo, pueden ocurrir problemas si accede un cliente que no los resuelve. La versi\u00f3n 1.4.1 incluye el cambio para solucionar este problema. Como workaround, no utilice \"serveStatic\"."
}
],
"metrics": {

8
CVE-2024/CVE-2024-233xx/CVE-2024-23342.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23342",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T00:15:26.397",
"lastModified": "2024-01-23T00:15:26.397",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists."
},
{
"lang": "es",
"value": "El paquete PyPI `ecdsa` es una implementaci\u00f3n pura de Python de ECC (criptograf\u00eda de curva el\u00edptica) con soporte para ECDSA (algoritmo de firma digital de curva el\u00edptica), EdDSA (algoritmo de firma digital de curva Edwards) y ECDH (curva el\u00edptica Diffie-Hellman). Las versiones 0.18.0 y anteriores son vulnerables al ataque Minerva. Al momento de la publicaci\u00f3n, no existe ninguna versi\u00f3n parcheada conocida."
}
],
"metrics": {

8
CVE-2024/CVE-2024-233xx/CVE-2024-23345.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23345",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T00:15:26.690",
"lastModified": "2024-01-23T00:15:26.690",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."
},
{
"lang": "es",
"value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red creada como una aplicaci\u00f3n web. Todos los usuarios de versiones de Nautobot anteriores a 1.6.10 o 2.1.2 se ven potencialmente afectados por una vulnerabilidad de cross-site scripting. Debido a una sanitizaci\u00f3n de entrada inadecuada, cualquier campo editable por el usuario que admita la representaci\u00f3n de Markdown, incluido el mismo, es potencialmente susceptible a ataques de cross-site scripting (XSS) a trav\u00e9s de datos creados con fines malintencionados. Este problema se solucion\u00f3 en las versiones 1.6.10 y 2.1.2 de Nautobot."
}
],
"metrics": {

8
CVE-2024/CVE-2024-233xx/CVE-2024-23348.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23348",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-23T10:15:10.637",
"lastModified": "2024-01-23T10:15:10.637",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. 2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar c\u00f3digo JavaScript arbitrario cargando un archivo SVG especialmente manipulado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-236xx/CVE-2024-23675.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23675",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-22T21:15:10.263",
"lastModified": "2024-01-22T21:15:10.263",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise inferiores a 9.0.8 y 9.1.3, el almac\u00e9n de valores clave de la aplicaci\u00f3n Splunk (KV Store) maneja incorrectamente los permisos para los usuarios que usan la interfaz de programaci\u00f3n de aplicaciones (API) REST. Potencialmente, esto puede resultar en la eliminaci\u00f3n de las colecciones de KV Store."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23676.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23676",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-22T21:15:10.530",
"lastModified": "2024-01-22T21:15:10.530",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit."
},
{
"lang": "es",
"value": "En las versiones de Splunk inferiores a 9.0.8 y 9.1.3, el comando SPL \u201cmrollup\u201d permite a un usuario con pocos privilegios ver m\u00e9tricas en un \u00edndice para el que no tiene permiso. Esta vulnerabilidad requiere la interacci\u00f3n de un usuario con altos privilegios para poder explotarla."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23677.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23677",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-22T21:15:10.710",
"lastModified": "2024-01-22T21:15:10.710",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise inferiores a 9.0.8, la utilidad Splunk RapidDiag revela las respuestas del servidor de aplicaciones externas en un archivo de registro."
}
],
"metrics": {

8
CVE-2024/CVE-2024-236xx/CVE-2024-23678.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23678",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-01-22T21:15:10.920",
"lastModified": "2024-01-22T21:15:10.920",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:44:14.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise para Windows inferiores a 9.0.8 y 9.1.3, Splunk Enterprise no sanitiza correctamente los datos de entrada de ruta. Esto da como resultado la deserializaci\u00f3n insegura de datos que no son de confianza desde una partici\u00f3n de disco separada en la m\u00e1quina. Esta vulnerabilidad s\u00f3lo afecta a Splunk Enterprise para Windows."
}
],
"metrics": {

8
CVE-2024/CVE-2024-238xx/CVE-2024-23842.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23842",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2024-01-23T05:15:10.007",
"lastModified": "2024-01-23T05:15:10.007",
"vulnStatus": "Received",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Hitron Systems DVR LGUVR-16H 1.02~4.02 permite a un atacante provocar un ataque a la red en caso de utilizar el ID/PW de administrador predeterminado."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More