admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-24T17:00:18.069848+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-24 17:00:21 +00:00
parent 286a093c72
commit b0482c6a16
107 changed files with 2159 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2021/CVE-2021-390xx/CVE-2021-39008.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-39008",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-23T23:15:07.353",
"lastModified": "2023-11-23T23:15:07.353",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.\n\n"
},
{
"lang": "es",
"value": "IBM QRadar WinCollect Agent 10.0 a 10.1.7 podr\u00eda permitir que un usuario privilegiado obtenga informaci\u00f3n confidencial debido a la falta de mejores pr\u00e1cticas. ID de IBM X-Force: 213551."
}
],
"metrics": {

6
CVE-2022/CVE-2022-272xx/CVE-2022-27239.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-27239",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-27T14:15:09.203",
"lastModified": "2023-11-07T03:45:18.077",
"lastModified": "2023-11-24T15:15:07.467",
"vulnStatus": "Modified",
"descriptions": [
{
@ -491,6 +491,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202311-05",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2022/dsa-5157",
"source": "cve@mitre.org",

6
CVE-2022/CVE-2022-298xx/CVE-2022-29869.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29869",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-28T01:15:06.727",
"lastModified": "2023-11-07T03:46:06.320",
"lastModified": "2023-11-24T15:15:07.603",
"vulnStatus": "Modified",
"descriptions": [
{
@ -180,6 +180,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/",
"source": "cve@mitre.org"
},
{
"url": "https://security.gentoo.org/glsa/202311-05",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2022/dsa-5157",
"source": "cve@mitre.org",

8
CVE-2022/CVE-2022-440xx/CVE-2022-44010.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-44010",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T16:15:07.157",
"lastModified": "2023-11-23T16:15:07.157",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ClickHouse antes del 22.9.1.2603. Un atacante podr\u00eda enviar una solicitud HTTP manipulada al endpoint HTTP (normalmente escuchando en el puerto 8123 de forma predeterminada), lo que provocar\u00eda un desbordamiento del b\u00fafer basado en el mont\u00f3n que bloquear\u00eda el proceso. Esto no requiere autenticaci\u00f3n. Las versiones corregidas son 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16 y 22.3.12.19."
}
],
"metrics": {},

8
CVE-2022/CVE-2022-440xx/CVE-2022-44011.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-44011",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T16:15:07.217",
"lastModified": "2023-11-23T16:15:07.217",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ClickHouse antes del 22.9.1.2603. Un usuario autenticado (con la capacidad de cargar datos) podr\u00eda provocar un desbordamiento del b\u00fafer del heap y bloquear el servidor al insertar un objeto CapnProto con formato incorrecto. Las versiones corregidas son 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16 y 22.3.12.19."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-239xx/CVE-2023-23978.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-23978",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:07.800",
"lastModified": "2023-11-23T00:15:07.800",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <=\u00a01.0.16 versions."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el complemento SwitchWP WP Client Reports en versiones &lt;= 1.0.16."
}
],
"metrics": {

8
CVE-2023/CVE-2023-262xx/CVE-2023-26279.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-26279",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-11-24T00:15:10.280",
"lastModified": "2023-11-24T00:15:10.280",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nIBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.\n\n"
},
{
"lang": "es",
"value": "IBM QRadar WinCollect Agent 10.0 a 10.1.7 podr\u00eda permitir que un usuario local realice acciones no autorizadas debido a una codificaci\u00f3n incorrecta. ID de IBM X-Force: 248160."
}
],
"metrics": {

8
CVE-2023/CVE-2023-288xx/CVE-2023-28811.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28811",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2023-11-23T07:15:43.883",
"lastModified": "2023-11-23T07:15:43.883",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
},
{
"lang": "es",
"value": "Hay un desbordamiento del b\u00fafer en la funci\u00f3n de recuperaci\u00f3n de contrase\u00f1a de los modelos NVR/DVR de Hikvision. Si se explota, un atacante en la misma red de \u00e1rea local (LAN) podr\u00eda provocar un mal funcionamiento del dispositivo al enviar paquetes especialmente manipulados a un dispositivo sin parches."
}
],
"metrics": {

8
CVE-2023/CVE-2023-288xx/CVE-2023-28812.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28812",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2023-11-23T09:15:32.930",
"lastModified": "2023-11-23T09:15:32.930",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en un complemento del navegador web que podr\u00eda permitir que un atacante aproveche la vulnerabilidad enviando mensajes manipulados a las maquinas instaladas con este complemento, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o provocar una excepci\u00f3n en el proceso del complemento."
}
],
"metrics": {

8
CVE-2023/CVE-2023-288xx/CVE-2023-28813.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28813",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2023-11-23T09:15:33.190",
"lastModified": "2023-11-23T09:15:33.190",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. "
},
{
"lang": "es",
"value": "Un atacante podr\u00eda aprovechar una vulnerabilidad enviando mensajes manipulados a las maquinas instaladas con este complemento para modificar los par\u00e1metros del complemento, lo que podr\u00eda provocar que las maquinas afectadas descarguen archivos maliciosos."
}
],
"metrics": {

8
CVE-2023/CVE-2023-290xx/CVE-2023-29073.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29073",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T03:15:41.303",
"lastModified": "2023-11-23T03:15:41.303",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
},
{
"lang": "es",
"value": "Un archivo MODEL creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar un desbordamiento del b\u00fafer basado en el heap. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-290xx/CVE-2023-29074.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29074",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.260",
"lastModified": "2023-11-23T04:15:07.260",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
},
{
"lang": "es",
"value": "Un archivo CATPART creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-290xx/CVE-2023-29075.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29075",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.340",
"lastModified": "2023-11-23T04:15:07.340",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
},
{
"lang": "es",
"value": "Un archivo PRT creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-290xx/CVE-2023-29076.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29076",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.410",
"lastModified": "2023-11-23T04:15:07.410",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"
},
{
"lang": "es",
"value": "Un archivo MODEL, SLDASM, SAT o CATPART creado con fines malintencionados cuando se analiza mediante Autodesk AutoCAD 2024 y 2023 podr\u00eda causar una vulnerabilidad de corrupci\u00f3n de memoria. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-304xx/CVE-2023-30496.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-30496",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T20:15:08.080",
"lastModified": "2023-11-22T20:15:08.080",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <=\u00a05.2.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento MagePeople Team WpBusTicketly en versiones &lt;= 5.2.5."
}
],
"metrics": {

8
CVE-2023/CVE-2023-305xx/CVE-2023-30581.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-30581",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-23T00:15:07.980",
"lastModified": "2023-11-23T00:15:07.980",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js"
},
{
"lang": "es",
"value": "El uso de __proto__ en process.mainModule.__proto__.require() puede omitir el mecanismo de pol\u00edticas y requerir m\u00f3dulos fuera de la definici\u00f3n de policy.json. Esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de lanzamiento activas: v16, v18 y v20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, la pol\u00edtica era una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {},

57
CVE-2023/CVE-2023-31xx/CVE-2023-3116.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3116",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:07.887",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:40:05.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

8
CVE-2023/CVE-2023-332xx/CVE-2023-33202.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-33202",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T16:15:07.273",
"lastModified": "2023-11-23T16:15:07.273",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack."
},
{
"lang": "es",
"value": "Bouncy Castle para Java anterior a 1.73 contiene un posible problema de denegaci\u00f3n de servicio (DoS) dentro de la clase Bouncy Castle org.bouncycastle.openssl.PEMParser. Esta clase analiza secuencias codificadas OpenSSL PEM que contienen certificados X.509, claves codificadas PKCS8 y objetos PKCS7. El an\u00e1lisis de un archivo que ha creado datos ASN.1 a trav\u00e9s de PEMParser provoca un OutOfMemoryError, que puede permitir un ataque de denegaci\u00f3n de servicio."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-337xx/CVE-2023-33706.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-33706",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-24T02:15:42.323",
"lastModified": "2023-11-24T02:15:42.323",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp."
},
{
"lang": "es",
"value": "SysAid anterior a 23.2.15 permite que los ataques de Indirect Object Reference (IDOR) lean datos de tickets a trav\u00e9s de un par\u00e1metro sid modificado en EmailHtmlSourceIframe.jsp o un par\u00e1metro srID modificado en ShowMessage.jsp."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-33xx/CVE-2023-3377.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3377",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-23T09:15:33.353",
"lastModified": "2023-11-23T09:15:33.353",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Veribilim Software Computer Veribase permite la inyecci\u00f3n SQL. Este problema afecta a Veribase: hasta 20231123. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera. "
}
],
"metrics": {

8
CVE-2023/CVE-2023-36xx/CVE-2023-3631.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3631",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-23T10:15:07.523",
"lastModified": "2023-11-23T10:15:07.523",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Medart Health Services Medart Notification Panel permite la inyecci\u00f3n SQL. Este problema afecta al Medart Notification Panel: hasta 20231123. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2023/CVE-2023-392xx/CVE-2023-39253.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39253",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:45.300",
"lastModified": "2023-11-23T07:15:45.300",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.\n\n"
},
{
"lang": "es",
"value": "Dell OS Recovery Tool, versiones 2.2.4013, 2.3.7012.0 y 2.3.7515.0, contienen una vulnerabilidad de control de acceso inadecuado. Un usuario local autenticado que no sea administrador podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la elevaci\u00f3n de privilegios en el sistema."
}
],
"metrics": {

8
CVE-2023/CVE-2023-400xx/CVE-2023-40002.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-40002",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.180",
"lastModified": "2023-11-23T00:15:08.180",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <=\u00a07.1.1 versions."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el complemento Pluggabl LLC Booster para WooCommerce en versiones &lt;= 7.1.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-411xx/CVE-2023-41139.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41139",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.467",
"lastModified": "2023-11-23T04:15:07.467",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"
},
{
"lang": "es",
"value": "Un archivo STP creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para eliminar la referencia a un puntero que no es de confianza. Esta vulnerabilidad, junto con otras vulnerabilidades, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo en el proceso actual."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-411xx/CVE-2023-41140.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41140",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-11-23T04:15:07.550",
"lastModified": "2023-11-23T04:15:07.550",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
},
{
"lang": "es",
"value": "Un archivo PRT creado con fines malintencionados, cuando se analiza mediante Autodesk AutoCAD 2024 y 2023, se puede utilizar para provocar un desbordamiento del b\u00fafer basado en el heap. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},

59
CVE-2023/CVE-2023-417xx/CVE-2023-41786.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41786",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.023",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772."
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible a un actor no autorizado en Pandora FMS en todos los casos que permite File Discovery. Esta vulnerabilidad permite a los usuarios con privilegios bajos descargar copias de seguridad de bases de datos. Este problema afecta a Pandora FMS: del 700 al 772."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-417xx/CVE-2023-41787.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41787",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.223",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772."
},
{
"lang": "es",
"value": "Vulnerabilidad no controlada del elemento de ruta de b\u00fasqueda en Pandora FMS permite aprovechar/manipular rutas de b\u00fasqueda de archivos de configuraci\u00f3n. Esta vulnerabilidad permite el acceso a archivos con informaci\u00f3n sensible. Este problema afecta a Pandora FMS: del 700 al 772."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-417xx/CVE-2023-41788.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41788",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.407",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo mediante la carga de archivos PHP. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-417xx/CVE-2023-41789.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41789",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.583",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La vulnerabilidad de Neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permite a un atacante secuestrar cookies e iniciar sesi\u00f3n como ese usuario sin necesidad de credenciales. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-417xx/CVE-2023-41790.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41790",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.757",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "Vulnerabilidad no controlada del elemento de ruta de b\u00fasqueda en Pandora FMS permite aprovechar/manipular rutas de b\u00fasqueda de archivos de configuraci\u00f3n. Esta vulnerabilidad permite acceder al archivo de configuraci\u00f3n del servidor y comprometer la base de datos. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-417xx/CVE-2023-41791.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41791",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:08.930",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La vulnerabilidad de Neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permiti\u00f3 a los usuarios con privilegios bajos introducir ejecutables de Javascript a trav\u00e9s de una cadena de traducci\u00f3n que podr\u00eda afectar la integridad de algunos archivos de configuraci\u00f3n. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-417xx/CVE-2023-41792.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41792",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.113",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La vulnerabilidad Cross-Site Request Forgery (CSRF) en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permit\u00eda que se ejecutara c\u00f3digo Javascript en el Editor de capturas SNMP. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41806.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41806",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.287",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "Vulnerabilidad de Gesti\u00f3n de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad provoca que una mala asignaci\u00f3n de privilegios pueda provocar un ataque DOS que afecte a la disponibilidad del servidor de Pandora FMS. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41807.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41807",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.470",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "Vulnerabilidad de Gesti\u00f3n de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad permite a un usuario escalar permisos en el shell del sistema. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41808.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41808",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.650",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "Vulnerabilidad de Gesti\u00f3n de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad permite a un usuario no autorizado escalar y leer archivos confidenciales como si fueran root. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41810.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41810",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:09.827",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La vulnerabilidad de Neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permit\u00eda ejecutar c\u00f3digo Javascript en el cuadro de texto de algunos Widgets. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41811.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41811",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:10.000",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La vulnerabilidad de Neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permit\u00eda ejecutar c\u00f3digo Javascript en la secci\u00f3n de noticias de la consola web. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41812.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41812",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:10.170",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773."
},
{
"lang": "es",
"value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permit\u00eda cargar archivos ejecutables PHP a trav\u00e9s del administrador de archivos. Este problema afecta a Pandora FMS: del 700 al 773."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

57
CVE-2023/CVE-2023-427xx/CVE-2023-42774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42774",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.157",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:39:53.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

8
CVE-2023/CVE-2023-430xx/CVE-2023-43086.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43086",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:46.203",
"lastModified": "2023-11-23T07:15:46.203",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.\n\n"
},
{
"lang": "es",
"value": "Comando Dell | Configure, versiones anteriores a la 4.11.0, contiene una vulnerabilidad de control de acceso inadecuado. Un usuario malintencionado local podr\u00eda modificar archivos dentro de la carpeta de instalaci\u00f3n durante la actualizaci\u00f3n de la aplicaci\u00f3n, lo que provocar\u00eda una escalada de privilegios."
}
],
"metrics": {

12
CVE-2023/CVE-2023-431xx/CVE-2023-43123.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43123",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-23T10:15:07.727",
"lastModified": "2023-11-23T10:15:07.727",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.\n\nThe method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.\n\nFile.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. \n\nThis affects the class\u00a0 https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 \u00a0and was introduced by\u00a0 https://issues.apache.org/jira/browse/STORM-3123 \n\nIn practice, this has a very limited impact as this class is used only if\u00a0ui.disable.spout.lag.monitoring\n\n is set to false, but its value is true by default.\nMoreover, the temporary file gets deleted soon after its creation.\n\nThe solution is to use\u00a0 Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) \u00a0instead.\n\nWe recommend that all users upgrade to the latest version of Apache Storm.\n\n"
},
{
"lang": "es",
"value": "En sistemas tipo Unix, el directorio temporal se comparte entre todos los usuarios. Como tal, escribir en este directorio utilizando API que no establecen expl\u00edcitamente los permisos de archivo/directorio puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Es de destacar que esto no afecta a los sistemas operativos MacOS modernos. El m\u00e9todo File.createTempFile en sistemas tipo Unix crea un archivo con un nombre predefinido (f\u00e1cilmente identificable) y, de forma predeterminada, crear\u00e1 este archivo con los permisos -rw-r--r--. Por lo tanto, si se escribe informaci\u00f3n confidencial en este archivo, otros usuarios locales pueden leer esta informaci\u00f3n. File.createTempFile(String, String) crear\u00e1 un archivo temporal en el directorio temporal del sistema si la propiedad del sistema 'java.io.tmpdir' no est\u00e1 configurada expl\u00edcitamente. Esto afecta a la clase https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 y fue introducido por https://issues.apache.org/jira/browse/STORM-3123 En la pr\u00e1ctica, esto tiene un impacto muy limitado ya que esta clase se usa solo si ui.disable.spout.lag.monitoring est\u00e1 configurado en falso, pero su valor es verdadero de forma predeterminada. Adem\u00e1s, el archivo temporal se elimina poco despu\u00e9s de su creaci\u00f3n. La soluci\u00f3n es utilizar Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) en su lugar. Recomendamos que todos los usuarios actualicen a la \u00faltima versi\u00f3n de Apache Storm."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/23/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l",
"source": "security@apache.org"

57
CVE-2023/CVE-2023-436xx/CVE-2023-43612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43612",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.323",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:39:42.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

8
CVE-2023/CVE-2023-442xx/CVE-2023-44289.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44289",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:46.950",
"lastModified": "2023-11-23T07:15:46.950",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.\n\n"
},
{
"lang": "es",
"value": "Dell Command | Configure las versiones anteriores a la 4.11.0 contienen una vulnerabilidad de control de acceso inadecuado. Un usuario est\u00e1ndar malicioso local podr\u00eda explotar esta vulnerabilidad mientras repara/cambia la instalaci\u00f3n, lo que provocar\u00eda una escalada de privilegios."
}
],
"metrics": {

8
CVE-2023/CVE-2023-442xx/CVE-2023-44290.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44290",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-23T07:15:47.710",
"lastModified": "2023-11-23T07:15:47.710",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.\n\n"
},
{
"lang": "es",
"value": "Dell Command | Monitor las versiones anteriores a la 10.10.0 contienen una vulnerabilidad de control de acceso inadecuado. Un usuario est\u00e1ndar malicioso local podr\u00eda explotar esta vulnerabilidad mientras repara/cambia la instalaci\u00f3n, lo que provocar\u00eda una escalada de privilegios."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44303.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44303",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-11-24T03:15:07.317",
"lastModified": "2023-11-24T03:15:07.317",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nRVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. \n\n"
},
{
"lang": "es",
"value": "RVTools, versi\u00f3n 3.9.2 y superiores, contiene una vulnerabilidad de exposici\u00f3n de datos confidenciales en la utilidad de cifrado de contrase\u00f1as (RVToolsPasswordEncryption.exe) y la aplicaci\u00f3n principal (RVTools.exe). Un atacante remoto no autenticado con acceso a contrase\u00f1as cifradas almacenadas desde el sistema de un usuario podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la divulgaci\u00f3n de contrase\u00f1as cifradas en texto plano. Esta vulnerabilidad se debe a una soluci\u00f3n incompleta para CVE-2020-27688."
}
],
"metrics": {

8
CVE-2023/CVE-2023-44xx/CVE-2023-4406.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4406",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2023-11-23T10:15:07.823",
"lastModified": "2023-11-23T10:15:07.823",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en KC Group E-Commerce Software permite XSS reflejado. Este problema afecta a E-Commerce Software: hasta 20231123. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4593.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4593",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-23T13:15:11.810",
"lastModified": "2023-11-23T13:15:11.810",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file."
},
{
"lang": "es",
"value": "Vulnerabilidad de Path Traversal cuya explotaci\u00f3n podr\u00eda permitir a un usuario remoto autenticado eludir las restricciones previstas por SecurityManager y enumerar un directorio principal a trav\u00e9s de cualquier nombre de archivo, como un valor m\u00faltiple ..%2F que afecta el par\u00e1metro 'dodoc' en el archivo /MailAdmin_dll.htm."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4594.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4594",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-23T13:15:12.347",
"lastModified": "2023-11-23T13:15:12.347",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS almacenada. Esta vulnerabilidad podr\u00eda permitir a un atacante almacenar un payload de JavaScript malicioso mediante m\u00e9todos GET y POST en m\u00faltiples par\u00e1metros en el archivo MailAdmin_dll.htm."
}
],
"metrics": {

8
CVE-2023/CVE-2023-45xx/CVE-2023-4595.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4595",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-23T13:15:12.533",
"lastModified": "2023-11-23T13:15:12.533",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de exposici\u00f3n de informaci\u00f3n, cuya explotaci\u00f3n podr\u00eda permitir a un usuario remoto recuperar informaci\u00f3n confidencial almacenada en el servidor, como archivos de credenciales, archivos de configuraci\u00f3n, archivos de aplicaciones, etc., simplemente agregando cualquiera de los siguientes par\u00e1metros al final de la URL: %00 %0a, %20, %2a, %a0, %aa, %c0 y %ca."
}
],
"metrics": {

57
CVE-2023/CVE-2023-461xx/CVE-2023-46100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46100",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.550",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:39:29.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

4
CVE-2023/CVE-2023-465xx/CVE-2023-46575.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-24T14:15:08.337",
"lastModified": "2023-11-24T14:15:08.337",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

57
CVE-2023/CVE-2023-467xx/CVE-2023-46705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46705",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.800",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:39:18.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4677.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4677",
"sourceIdentifier": "security@pandorafms.com",
"published": "2023-11-23T15:15:10.410",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772."
},
{
"lang": "es",
"value": "Los archivos de copia de seguridad del registro Cron contienen ID de sesi\u00f3n de administrador. Es trivial para cualquier atacante que pueda acceder a Pandora FMS Console y extraer el directorio de registros cron para realizar copias de seguridad de los registros Cron. Luego se puede abusar del contenido de estos archivos de registro para autenticarse en la aplicaci\u00f3n como administrador. Este problema afecta a Pandora FMS &lt;= 772."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@pandorafms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "security@pandorafms.com"
}
]
}

57
CVE-2023/CVE-2023-472xx/CVE-2023-47217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47217",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:08.990",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:39:09.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

8
CVE-2023/CVE-2023-472xx/CVE-2023-47244.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47244",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T21:15:07.787",
"lastModified": "2023-11-23T21:15:07.787",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Omnisend Email Marketing para WooCommerce de Omnisend. Este problema afecta al Email Marketing para WooCommerce de Omnisend: desde n/a hasta 1.13.8."
}
],
"metrics": {

8
CVE-2023/CVE-2023-475xx/CVE-2023-47529.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47529",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T21:15:07.990",
"lastModified": "2023-11-23T21:15:07.990",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.\n\n"
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en ThemeIsle Cloud Templates &amp; Patterns collection. Este problema afecta a Cloud Templates &amp; Patterns collection: desde n/a hasta 1.2.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-476xx/CVE-2023-47668.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47668",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.367",
"lastModified": "2023-11-23T00:15:08.367",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin \u2013 Restrict Content plugin <=\u00a03.2.7 versions."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el complemento StellarWP Membership Plugin \u2013 Restrict Content en versiones &lt;= 3.2.7."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47759.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T20:15:09.023",
"lastModified": "2023-11-22T20:15:09.023",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <=\u00a03.1.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Premio Chaty en versiones &lt;= 3.1.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47766.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.580",
"lastModified": "2023-11-22T22:15:07.580",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <=\u00a01.11.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Timo Reith Post Status Notifier Lite en versiones &lt;= 1.11.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47767.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.760",
"lastModified": "2023-11-22T22:15:07.760",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <=\u00a03.2.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Fla-shop.Com Interactive World Map en versiones &lt;= 3.2.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47768.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:07.940",
"lastModified": "2023-11-22T22:15:07.940",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <=\u00a01.17 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Russell Jamieson Footer Putter en versiones &lt;= 1.17."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47773.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.133",
"lastModified": "2023-11-22T22:15:08.133",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <=\u00a02.8.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en el complemento YAS Global Team Permalinks Customizer en versiones &lt;= 2.8.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47786.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47786",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.313",
"lastModified": "2023-11-22T22:15:08.313",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <=\u00a07.7.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento LayerSlider &lt;= versiones 7.7.9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-477xx/CVE-2023-47790.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47790",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.550",
"lastModified": "2023-11-23T00:15:08.550",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <=\u00a02.4.8 versions."
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) conduce a una vulnerabilidad de Cross-Site Scripting (XSS) en el complemento Poporon Pz-LinkCard en versiones &lt;= 2.4.8."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47808.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47808",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T22:15:08.493",
"lastModified": "2023-11-22T22:15:08.493",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <=\u00a01.3.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Christina Uechi Add Widgets to Page en versiones &lt;= 1.3.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47809.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47809",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.403",
"lastModified": "2023-11-22T23:15:08.403",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <=\u00a02.6 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Themepoints Accordion en versiones &lt;= 2.6."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47810.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47810",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.607",
"lastModified": "2023-11-22T23:15:08.607",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <=\u00a01.3.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Asdqwe Dev Ajax Domain Checker en versiones &lt;= 1.3.0."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47811.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47811",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.790",
"lastModified": "2023-11-22T23:15:08.790",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <=\u00a01.0.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Suresh KUMAR Mukhiya Anywhere Flash Embed en versiones &lt;= 1.0.5."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47812.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:08.983",
"lastModified": "2023-11-22T23:15:08.983",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns plugin <=\u00a01.6.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Bamboo Mcr Bamboo Columns en versiones &lt;= 1.6.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47813.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47813",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.160",
"lastModified": "2023-11-22T23:15:09.160",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Better RSS Widget plugin <=\u00a02.8.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento grandslambert Better RSS Widget en versiones &lt;= 2.8.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47814.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47814",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.337",
"lastModified": "2023-11-22T23:15:09.337",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Waterloo Plugins BMI Calculator Plugin plugin <=\u00a01.0.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Waterloo Plugins BMI Calculator Plugin en versiones &lt;= 1.0.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47815.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47815",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.520",
"lastModified": "2023-11-22T23:15:09.520",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra plugin <=\u00a02.5.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Venutius BP Profile Shortcodes Extra en versiones &lt;= 2.5.2."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47816.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47816",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.700",
"lastModified": "2023-11-22T23:15:09.700",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <=\u00a01.7.0.13 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en el complemento Charitable Donations &amp; Fundraising Team Donation Forms by Charitable en versiones &lt;= 1.7.0.13."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47817.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47817",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:09.887",
"lastModified": "2023-11-22T23:15:09.887",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <=\u00a02023.10.13 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en el complemento mmrs151 Daily Prayer Time en versiones &lt;= 2023.10.13."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47821.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47821",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:10.070",
"lastModified": "2023-11-22T23:15:10.070",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <=\u00a02.1.8 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Jannis Thuemmig Email Encoder en versiones &lt;= 2.1.8."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47824.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47824",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T20:15:09.210",
"lastModified": "2023-11-22T20:15:09.210",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages \u2013 Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <=\u00a01.3.8 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wpWax Legal Pages \u2013 Privacy Policy, Terms &amp; Conditions, GDPR, CCPA, and Cookie Notice Generator en versiones &lt;= 1.3.8."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47825.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47825",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T20:15:09.390",
"lastModified": "2023-11-22T20:15:09.390",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <=\u00a06.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento TienCOP WP EXtra en versiones &lt;= 6.4."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47829.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47829",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:10.253",
"lastModified": "2023-11-22T23:15:10.253",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <=\u00a01.2.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento Codez Quick Call Button en versiones &lt;= 1.2.9."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47831.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47831",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-22T23:15:10.440",
"lastModified": "2023-11-22T23:15:10.440",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in assorted[chips] DrawIt (draw.Io) plugin <=\u00a01.1.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento assorted[chips] DrawIt (draw.Io) en versiones &lt;= 1.1.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47833.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47833",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.777",
"lastModified": "2023-11-23T00:15:08.777",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <=\u00a00.18.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en el complemento Jeroen Schmit Theatre para WordPress en versiones &lt;= 0.18.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47834.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:08.953",
"lastModified": "2023-11-23T00:15:08.953",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <=\u00a08.1.13 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en el complemento ExpressTech Quiz And Survey Master en versiones &lt;= 8.1.13."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47835.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47835",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:09.137",
"lastModified": "2023-11-23T00:15:09.137",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz \u2013 WordPress Quizzes Builder plugin <=\u00a01.2.32 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en el complemento ARI Soft ARI Stream Quiz \u2013 WordPress Quizzes Builder en versiones &lt;= 1.2.32."
}
],
"metrics": {

8
CVE-2023/CVE-2023-478xx/CVE-2023-47839.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47839",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-23T00:15:09.320",
"lastModified": "2023-11-23T00:15:09.320",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <=\u00a03.3.26 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en el complemento impleCode eCommerce Product Catalog Plugin para WordPress en versiones &lt;= 3.3.26."
}
],
"metrics": {

8
CVE-2023/CVE-2023-481xx/CVE-2023-48105.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48105",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T23:15:10.617",
"lastModified": "2023-11-22T23:15:10.617",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento del heap en Bytecode alliance wasm-micro-runtime v.1.2.3 que permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n wasm_loader_prepare_bytecode en core/iwasm/interpreter/wasm_loader.c."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-481xx/CVE-2023-48107.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48107",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T23:15:10.663",
"lastModified": "2023-11-22T23:15:10.663",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en zlib-ng minizip-ng v.4.0.2 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en la funci\u00f3n mz_path_has_slash en el archivo mz_os.c."
}
],
"metrics": {},

80
CVE-2023/CVE-2023-481xx/CVE-2023-48109.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-48109",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T20:15:07.510",
"lastModified": "2023-11-21T01:38:10.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:40:18.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda AX1803 v1.0.0.1 conten\u00eda un desbordamiento del heap a trav\u00e9s del par\u00e1metro deviceId en la funci\u00f3n saveParentControlInfo. Esta vulnerabilidad permite a los atacantes provocar un ataque de Denegaci\u00f3n de Servicio (DoS)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://tjr181.com/index.php/archives/13/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-481xx/CVE-2023-48110.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-48110",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T20:15:07.557",
"lastModified": "2023-11-21T01:38:10.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:40:26.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda AX1803 v1.0.0.1 conten\u00eda un desbordamiento del heap a trav\u00e9s del par\u00e1metro urls en la funci\u00f3n saveParentControlInfo. Esta vulnerabilidad permite a los atacantes provocar un ataque de Denegaci\u00f3n de Servicio (DoS)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://tjr181.com/index.php/archives/13/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-481xx/CVE-2023-48111.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-48111",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-20T20:15:07.600",
"lastModified": "2023-11-21T01:38:10.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:40:35.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda AX1803 v1.0.0.1 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro de tiempo en la funci\u00f3n saveParentControlInfo. Esta vulnerabilidad permite a los atacantes provocar un ataque de Denegaci\u00f3n de Servicio (DoS)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://tjr181.com/index.php/archives/13/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-487xx/CVE-2023-48706.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48706",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-22T22:15:08.673",
"lastModified": "2023-11-23T00:15:09.520",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue."
},
{
"lang": "es",
"value": "Vim es un editor UNIX que, antes de la versi\u00f3n 9.0.2121, tiene una vulnerabilidad de heap-use-after-free. Al ejecutar un comando `:s` por primera vez y utilizar un \u00e1tomo subreemplazante especial dentro de la parte de sustituci\u00f3n, es posible que la llamada recursiva `:s` provoque la liberaci\u00f3n de memoria a la que luego se podr\u00e1 acceder por el comando inicial `:s`. El usuario debe ejecutar intencionalmente el payload y todo el proceso es un poco complicado de realizar ya que parece funcionar solo de manera confiable para el primer comando :s. Tambi\u00e9n puede provocar un bloqueo de Vim. La versi\u00f3n 9.0.2121 contiene una soluci\u00f3n para este problema."
}
],
"metrics": {

8
CVE-2023/CVE-2023-487xx/CVE-2023-48796.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48796",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-24T08:15:20.810",
"lastModified": "2023-11-24T08:15:20.810",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/24/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo",
"source": "security@apache.org"

8
CVE-2023/CVE-2023-491xx/CVE-2023-49102.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T22:15:08.867",
"lastModified": "2023-11-22T22:15:08.867",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "NZBGet 21.1 permite la ejecuci\u00f3n remota de c\u00f3digo autenticado porque los programas de descompresi\u00f3n (7za y unrar) conservan los permisos de los archivos ejecutables. Un atacante con capacidad de Control puede ejecutar un archivo estableciendo el valor de SevenZipCommand o UnrarCmd. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-491xx/CVE-2023-49146.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49146",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T22:15:08.913",
"lastModified": "2023-11-22T22:15:08.913",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions."
},
{
"lang": "es",
"value": "DOMSanitizer (tambi\u00e9n conocido como dom-sanitizer) anterior a 1.0.7 permite XSS a trav\u00e9s de un documento SVG debido al mal manejo de comentarios y expresiones regulares codiciosas."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49208.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49208",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T18:15:07.410",
"lastModified": "2023-11-23T18:15:07.410",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration."
},
{
"lang": "es",
"value": "esquema/webauthn.c en el servidor SSO de Glewlwyd anterior a 2.7.6 tiene un posible desbordamiento del b\u00fafer durante la validaci\u00f3n de las credenciales FIDO2 en el registro de webauthn."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49210.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49210",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T20:15:07.157",
"lastModified": "2023-11-23T20:15:07.157",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as \"a nonsense wrapper with no real purpose\" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "El paquete NPM openssl (tambi\u00e9n conocido como node-openssl) hasta 2.0.0 fue caracterizado por su autor como \"un contenedor sin sentido sin ning\u00fan prop\u00f3sito real\" y acepta un argumento opts que contiene un campo verbal (usado para la ejecuci\u00f3n de comandos). NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49213.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49213",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T22:15:07.290",
"lastModified": "2023-11-23T22:15:07.290",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1."
},
{
"lang": "es",
"value": "Los endpoints API en Ironman PowerShell Universal 3.0.0 a 4.2.0 permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de solicitudes HTTP manipuladas si se usa un bloque param, debido a una sanitizaci\u00f3n no v\u00e1lida de las cadenas de entrada. Las versiones corregidas son 3.10.2, 4.1.10 y 4.2.1."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49214.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49214",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T22:15:07.343",
"lastModified": "2023-11-23T22:15:07.343",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Usedesk before 1.7.57 allows chat template injection."
},
{
"lang": "es",
"value": "Usedesk anterior a 1.7.57 permite la inyecci\u00f3n de plantillas de chat."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49215.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49215",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T22:15:07.400",
"lastModified": "2023-11-23T22:15:07.400",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Usedesk before 1.7.57 allows filter reflected XSS."
},
{
"lang": "es",
"value": "Usedesk anterior a 1.7.57 permite filtrar XSS reflejado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-492xx/CVE-2023-49216.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49216",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-23T22:15:07.460",
"lastModified": "2023-11-23T22:15:07.460",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Usedesk before 1.7.57 allows profile stored XSS."
},
{
"lang": "es",
"value": "Usedesk anterior a 1.7.57 permite almacenar perfiles XSS."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-59xx/CVE-2023-5972.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5972",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-23T18:15:07.470",
"lastModified": "2023-11-23T18:15:07.470",
"vulnStatus": "Received",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de desreferencia de puntero nulo en la funcionalidad nft_inner.c de netfilter en el kernel de Linux. Este problema podr\u00eda permitir que un usuario local bloquee el sistema o aumente sus privilegios en el sistema."
}
],
"metrics": {

57
CVE-2023/CVE-2023-60xx/CVE-2023-6045.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6045",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-11-20T12:15:09.387",
"lastModified": "2023-11-20T15:04:56.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-11-24T15:38:56.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*",
"versionEndIncluding": "3.2.2",
"matchCriteriaId": "2422B778-3952-48B7-BFEB-D4858B342679"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md",
"source": "scy@openharmony.io"
"source": "scy@openharmony.io",
"tags": [
"Broken Link"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More