Auto-Update: 2024-01-08T13:00:40.270293+00:00

cad-safe-bot 2024-01-08 13:00:44 +00:00
parent c8de4992f8
commit b4bbd2313f
83 changed files with 883 additions and 192 deletions

@ -2,12 +2,16 @@
"id": "CVE-2023-29048",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:19.893",
"lastModified": "2024-01-08T09:15:19.893",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Se podr\u00eda abusar de un componente para analizar plantillas OXMF para ejecutar comandos arbitrarios del sistema que se ejecutar\u00edan como usuario de tiempo de ejecuci\u00f3n sin privilegios. Los usuarios y atacantes podr\u00edan ejecutar comandos del sistema con privilegios limitados para obtener acceso no autorizado a informaci\u00f3n confidencial y potencialmente violar la integridad al modificar recursos. El motor de plantillas se ha reconfigurado para denegar la ejecuci\u00f3n de comandos da\u00f1inos a nivel del sistema. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-29049",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.120",
"lastModified": "2024-01-08T09:15:20.120",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The \"upsell\" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Se podr\u00eda abusar del widget \"upsell\" en la p\u00e1gina del portal para inyectar c\u00f3digo de script arbitrario. Los atacantes que logran atraer a los usuarios a una cuenta comprometida u obtener acceso temporal a una cuenta leg\u00edtima, podr\u00edan inyectar c\u00f3digo de secuencia de comandos para obtener capacidades de ejecuci\u00f3n de c\u00f3digo persistente en un dominio confiable. La entrada del usuario para este widget ahora se sanitiza para evitar que se procese contenido malicioso. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-29050",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.300",
"lastModified": "2024-01-08T09:15:20.300",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The optional \"LDAP contacts provider\" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Los usuarios privilegiados podr\u00edan abusar del \"proveedor de contactos LDAP\" opcional para inyectar cadenas de filtro LDAP que permitan acceder a contenido fuera de la jerarqu\u00eda prevista. Los usuarios no autorizados podr\u00edan romper la confidencialidad de la informaci\u00f3n en el directorio y potencialmente causar una gran carga en el servidor del directorio, lo que llevar\u00eda a la denegaci\u00f3n de servicio. Se ha agregado codificaci\u00f3n para los fragmentos proporcionados por el usuario que se utilizan al construir la consulta LDAP. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-29051",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.480",
"lastModified": "2024-01-08T09:15:20.480",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Se pueden utilizar plantillas OXMF definidas por el usuario para acceder a una parte limitada de la API Java interna de OX App Suite. El interruptor existente para desactivar la funci\u00f3n de forma predeterminada no fue efectivo en este caso. Los usuarios no autorizados podr\u00edan descubrir y modificar el estado de la aplicaci\u00f3n, incluidos objetos relacionados con otros usuarios y contextos. Ahora nos aseguramos de que el cambio para deshabilitar las plantillas generadas por el usuario de forma predeterminada funcione seg\u00fan lo previsto y eliminar\u00e1 la funci\u00f3n en generaciones futuras del producto. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-29052",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.680",
"lastModified": "2024-01-08T09:15:20.680",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Los usuarios pudieron definir textos de exenci\u00f3n de responsabilidad para un cuadro de di\u00e1logo de tienda de ventas adicionales que contendr\u00eda c\u00f3digo de script que no se sanitiz\u00f3 correctamente. Los atacantes podr\u00edan atraer a las v\u00edctimas a cuentas de usuario con c\u00f3digo de script malicioso y obligarlas a ejecutarlo en el contexto de un dominio confiable. Agregamos sanitizaci\u00f3n para este contenido. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

@ -2,8 +2,8 @@
"id": "CVE-2023-31293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T03:15:10.690",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T12:56:43.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Se descubri\u00f3 un problema en Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), que permite a atacantes remotos obtener informaci\u00f3n confidencial y omitir la restricci\u00f3n de perfil mediante un control de acceso inadecuado en el navegador web del usuario del sistema Reader, permitiendo que el diario se muestre, a pesar de que la opci\u00f3n est\u00e1 desactivada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0061/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
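Review bot: the added "weaknesses" block classifies this record as "NVD-CWE-Other" although the description in the same file attributes the issue to improper access control ("control de acceso inadecuado"), so any consumer that groups or alerts by CWE will not file it under access-control issues. Nothing to change in the mirrored data, but downstream rules that key on the weakness value should fall back to the description text when they see NVD-CWE-Other.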

@ -2,8 +2,8 @@
"id": "CVE-2023-31294",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T03:15:10.740",
"lastModified": "2023-12-29T13:56:44.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T12:56:24.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Vulnerabilidad de inyecci\u00f3n CSV en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s del campo Delivery Name."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0052/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
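Review bot: the new cvssData in this hunk scores a CWE-1236 (formula injection in a CSV file) issue with "userInteraction": "NONE", which sits oddly with a weakness that only takes effect once someone opens the exported file in a spreadsheet application; the 7.5 base score depends on that choice. The mirror should keep what NVD published, but it is worth cross-checking the vector against the referenced usd-2022-0052 advisory before using the score for prioritisation. CVE-2023-31295 in this commit carries the same vector and CWE.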

@ -2,8 +2,8 @@
"id": "CVE-2023-31295",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T06:15:43.563",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T12:53:25.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Vulnerabilidad de inyecci\u00f3n CSV en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s del campo User Profile."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0053/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-31299",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T05:15:08.750",
"lastModified": "2023-12-29T13:56:39.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T12:56:17.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo Barcode de un contenedor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0055/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-31300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T06:15:43.633",
"lastModified": "2023-12-29T13:56:33.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T12:52:27.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Se descubri\u00f3 un problema en Sesami Cash Point & Transport Optimizer (CPTO) versi\u00f3n 6.3.8.6 (#718), que permite a atacantes remotos obtener informaci\u00f3n confidencial mediante la transmisi\u00f3n de credenciales de texto plano y sin cifrar durante la funci\u00f3n de Password Reset."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sesami:cash_point_\\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF8F540-DE41-4C35-BA23-64A08F2474E7"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0057/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-39853",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-06T04:15:08.863",
"lastModified": "2024-01-06T04:15:08.863",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Dzzoffice versi\u00f3n 2.01, permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros doobj y doevent en el m\u00f3dulo backend de Network Disk."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-41710",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-01-08T09:15:20.883",
"lastModified": "2024-01-08T09:15:20.883",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.\n\n"
},
{
"lang": "es",
"value": "Se podr\u00eda almacenar un c\u00f3digo de secuencia de comandos definido por el usuario para una URL de la tienda relacionada con ventas adicionales. Este c\u00f3digo no se sanitiz\u00f3 correctamente al agregarlo al DOM. Los atacantes podr\u00edan atraer a las v\u00edctimas a cuentas de usuario con c\u00f3digo de script malicioso y obligarlas a ejecutarlo en el contexto de un dominio confiable. Agregamos sanitizaci\u00f3n para este contenido. No se conocen exploits disponibles p\u00fablicamente."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-46953",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-06T05:15:09.427",
"lastModified": "2024-01-06T05:15:09.427",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en ABO.CMS v.5.9.3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro d en el m\u00f3dulo Documentos."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-47140",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-08T03:15:13.283",
"lastModified": "2024-01-08T03:15:13.283",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259."
},
{
"lang": "es",
"value": "IBM CICS Transaction Gateway 9.3 podr\u00eda permitir a un usuario transferir o ver archivos debido a controles de acceso inadecuados. ID de IBM X-Force: 270259."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-47145",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-07T19:15:08.017",
"lastModified": "2024-01-07T19:15:08.017",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402."
},
{
"lang": "es",
"value": "IBM Db2 para Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podr\u00eda permitir a un usuario local escalar sus privilegios al usuario de SYSTEM mediante la funcionalidad de reparaci\u00f3n de MSI ID de IBM X-Force: 270402."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-50121",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-06T05:15:09.610",
"lastModified": "2024-01-06T05:15:09.610",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS)."
},
{
"lang": "es",
"value": "La versi\u00f3n 1.6.5 del firmware de control de vuelo del dron Autel EVO NANO es vulnerable a la denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50609",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-06T04:15:08.930",
"lastModified": "2024-01-06T04:15:08.930",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en la plataforma de servicios de aplicaciones de v\u00eddeo de ense\u00f1anza AVA versi\u00f3n 3.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en ajax.aspx."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-50612",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-06T03:15:43.990",
"lastModified": "2024-01-06T03:15:43.990",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter."
},
{
"lang": "es",
"value": "La vulnerabilidad de permisos inseguros en fit2cloud Cloud Explorer Lite versi\u00f3n 1.4.1 permite a atacantes locales escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro de cuentas en la nube."
}
],
"metrics": {},

@ -2,16 +2,40 @@
"id": "CVE-2023-50730",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-22T21:15:07.930",
"lastModified": "2023-12-25T03:08:20.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-08T12:57:18.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioural characteristics would be needed.\n\nGrackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query.\n\nThe possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing."
},
{
"lang": "es",
"value": "Grackle es un servidor GraphQL escrito en functional Scala, construido en la pila Typelevel. La especificaci\u00f3n GraphQL requiere que los fragmentos de GraphQL no formen ciclos, ni directa ni indirectamente. Antes de la versi\u00f3n 0.18.0 de Grackle, ese requisito no se verificaba y las consultas con fragmentos c\u00edclicos se habr\u00edan aceptado para la verificaci\u00f3n y compilaci\u00f3n de tipos. El intento de compilaci\u00f3n de dichos fragmentos dar\u00eda como resultado que se generara un \"StackOverflowError\" de JVM. Se necesitar\u00eda cierto conocimiento del esquema GraphQL de una aplicaci\u00f3n para construir dicha consulta; sin embargo, no se necesitar\u00eda ning\u00fan conocimiento del rendimiento espec\u00edfico de la aplicaci\u00f3n ni de otras caracter\u00edsticas de comportamiento. Grackle usa la librer\u00eda cats-parse para analizar consultas GraphQL. Antes de la versi\u00f3n 0.18.0, Grackle hac\u00eda uso del operador \"recursive\" de cats-parse. Sin embargo, \"recursive\" actualmente no es seguro para pilas. \"recursive\" se us\u00f3 en tres lugares del analizador: conjuntos de selecci\u00f3n anidados, valores de entrada anidados (listas y objetos) y declaraciones de tipos de listas anidadas. En consecuencia, se podr\u00edan construir consultas con conjuntos de selecci\u00f3n, valores de entrada o tipos de listas profundamente anidados que explotaran esto, provocando que se lanzara una `StackOverflowException` de JVM durante el an\u00e1lisis. Debido a que esto sucede muy temprano en el procesamiento de consultas, no se requerir\u00eda ning\u00fan conocimiento espec\u00edfico del esquema GraphQL de una aplicaci\u00f3n para construir dicha consulta. La posibilidad de que peque\u00f1as consultas provoquen un desbordamiento de la pila es una posible vulnerabilidad de denegaci\u00f3n de servicio. Esto afecta potencialmente a todas las aplicaciones que utilizan Grackle y que tienen usuarios que no son de confianza. 
Ambos problemas de desbordamiento de pila se resolvieron en la versi\u00f3n v0.18.0 de Grackle. Como workaround, los usuarios podr\u00edan interponer una capa de sanitizaci\u00f3n entre las entradas que no son de confianza y el procesamiento de consultas de Grackle."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
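Review bot: the "es" description value in this hunk is shown broken across two lines after "usuarios que no son de confianza."; if that break is a raw line feed in the file rather than an artifact of this view, the string is not valid JSON for strict parsers. Worth confirming the character is escaped (as the "en" value does with \n\n) before consumers load this record.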
@ -50,18 +74,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typelevel:grackle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.18.0",
"matchCriteriaId": "7CDE45B5-5A5B-487E-87ED-A62DCD8DD851"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f36cbfd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/typelevel/grackle/releases/tag/v0.18.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,12 +2,16 @@
"id": "CVE-2023-50948",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-08T02:15:13.793",
"lastModified": "2024-01-08T02:15:13.793",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671."
},
{
"lang": "es",
"value": "IBM Storage Fusion HCI 2.1.0 a 2.6.1 contiene credenciales codificadas, como una contrase\u00f1a o clave criptogr\u00e1fica, que utiliza para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 275671."
}
],
"metrics": {

@ -2,12 +2,16 @@
"id": "CVE-2023-5091",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-01-08T10:15:11.233",
"lastModified": "2024-01-08T10:15:11.233",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a\u00a0local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Use After Free en Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de GPU incorrectas para obtener acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU de Valhall: desde r37p0 hasta r40p0."
}
],
"metrics": {},
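Review bot: the status moves to "Awaiting Analysis" while "metrics" at the end of the hunk is still {}, so this use-after-free in a kernel driver has no base score in the mirror yet. Consumers that filter on a baseScore threshold should treat an empty metrics object as unscored rather than dropping the record.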

@ -2,12 +2,16 @@
"id": "CVE-2023-51441",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-06T12:15:42.997",
"lastModified": "2024-01-06T12:15:42.997",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF\nThis issue affects Apache Axis: through 1.3.\n\nAs Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release \nfixing this problem, though contributors that would like to work towards\n this are welcome.\n\n"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** La vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Axis permiti\u00f3 a los usuarios con acceso al servicio de administraci\u00f3n realizar posibles SSRF. Este problema afecta a Apache Axis: hasta 1.3. Como Axis 1 ha estado en EOL, le recomendamos migrar a un motor SOAP diferente, como Apache Axis 2/Java. Alternativamente, puede usar una compilaci\u00f3n de Axis con el parche de https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 aplicado. El proyecto Apache Axis no espera crear una versi\u00f3n Axis 1.x que solucione este problema, aunque los contribuyentes que deseen trabajar para lograrlo son bienvenidos."
}
],
"metrics": {},

@ -2,12 +2,16 @@
"id": "CVE-2023-6798",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-06T10:15:45.840",
"lastModified": "2024-01-06T10:15:45.840",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors."
},
{
"lang": "es",
"value": "El complemento RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator para WordPress es vulnerable a actualizaciones de configuraci\u00f3n no autorizadas debido a una falta de verificaci\u00f3n de capacidad al actualizar la configuraci\u00f3n en todas las versiones hasta la 4.3.2 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de autor o superior, cambien la configuraci\u00f3n del complemento, incluida la configuraci\u00f3n del proxy, que tambi\u00e9n est\u00e1 expuesta a los autores."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6801",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-06T10:15:46.133",
"lastModified": "2024-01-06T10:15:46.133",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 4.3.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y salida que se escapa. Esto hace posible que atacantes autenticados, con permisos de nivel de autor y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

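Review bot: The added "es" value translates "insufficient input sanitization and output escaping" as "una sanitización de entrada insuficiente y salida que se escapa" (output that escapes), which no longer names the missing control. Something like "sanitización de entrada y escape de salida insuficientes" keeps the root cause readable for anyone triaging from the Spanish text.
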
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-6921",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-08T12:15:46.513",
"lastModified": "2024-01-08T12:15:46.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-6921/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2024/01/CVE-2023-6921/",
"source": "cvd@cert.pl"
},
{
"url": "https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html",
"source": "cvd@cert.pl"
}
]
}
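
Review bot: The new record's description names the addon but no affected or fixed version, and the file has no "configurations" node, so nothing in it lets a consumer match this CVE against an installed PrestaShow Google Integrator release. Until the record is enriched, triage has to go through the cert.pl references. The only score present is a "Secondary" 9.8 supplied by cvd@cert.pl while "vulnStatus" is still "Received", and the description value ends in a stray "\n" that should be trimmed on ingest.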

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7208",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T07:15:07.777",
"lastModified": "2024-01-07T07:15:07.777",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink X2000R_V2 2.0.0-B20230727.10434 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n formTmultiAP del archivo /bin/boa. La manipulaci\u00f3n provoca un desbordamiento de b\u00fafer. VDB-249742 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7209",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T09:15:08.853",
"lastModified": "2024-01-07T09:15:08.853",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Uniway Router hasta 2.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /boaform/device_reset.cgi del componente Device Reset Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249758 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7210",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T10:15:08.660",
"lastModified": "2024-01-07T10:15:08.660",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en OneNav hasta 0.9.33. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /index.php?c=api del componente API. La manipulaci\u00f3n del argumento X-Token conduce a una autenticaci\u00f3n incorrecta. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249765."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7211",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T10:15:08.907",
"lastModified": "2024-01-07T10:15:08.907",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Uniway Router 2.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Administrative Web Interface. La manipulaci\u00f3n lleva a depender de la direcci\u00f3n IP para la autenticaci\u00f3n. El ataque se puede iniciar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249766 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7212",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T17:15:08.180",
"lastModified": "2024-01-07T17:15:08.180",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en DeDeCMS hasta 5.7.112 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo file_class.php del componente Backend es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249768. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7213",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T19:15:08.230",
"lastModified": "2024-01-07T19:15:08.230",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink N350RT 9.3.5u.6139_B20201216 y clasificada como cr\u00edtica. La funci\u00f3n main del archivo /cgi-bin/cstecgi.cgi?action=login&flag=1 del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento v33 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249769. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7214",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T20:15:47.560",
"lastModified": "2024-01-07T20:15:47.560",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink N350RT 9.3.5u.6139_B20201216 y clasificada como cr\u00edtica. La funci\u00f3n main del archivo /cgi-bin/cstecgi.cgi?action=login del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento v8 provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249770 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7215",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T02:15:14.027",
"lastModified": "2024-01-08T02:15:14.027",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input <image src onerror=prompt(document.domain)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Chanzhaoyu chatgpt-web 2.11.1 y clasificada como problem\u00e1tica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n del argumento Description con la entrada conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249779."
}
],
"metrics": {

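Review bot: The added "es" value has lost the input literal: the English text gives the exact string after "with the input", while the Spanish reads "con la entrada conduce a cross site scripting" with nothing in between. The markup appears to have been stripped as HTML somewhere in the translation step, leaving a sentence without its object. Carry the literal over unchanged, and treat every "value" field as untrusted text that is escaped wherever it is rendered, since the English description still contains the markup as-is.
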
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0260",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T00:15:42.550",
"lastModified": "2024-01-07T00:15:42.550",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Engineers Online Portal 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo change_password_teacher.php del componente Password Change es afectada por esta vulnerabilidad. La manipulaci\u00f3n provoca la caducidad de la sesi\u00f3n. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249816."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0261",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T02:15:44.380",
"lastModified": "2024-01-07T02:15:44.380",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Sentex FTPDMIN 0.96 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente RNFR Command Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249817."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0262",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T02:15:44.623",
"lastModified": "2024-01-07T02:15:44.623",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Online Job Portal 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /Admin/News.php del componente Create News Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento News con la entrada conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249818 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

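Review bot: In the added "es" value, "La manipulación del argumento News con la entrada conduce a cross site scripting" is missing the input that the English description quotes after "with the input". The literal was dropped rather than translated, so the Spanish entry no longer says what was submitted to /Admin/News.php. Copy it through verbatim, and make sure downstream renderers escape the description rather than relying on it having been stripped.
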
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0263",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T04:15:08.563",
"lastModified": "2024-01-07T04:15:08.563",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en ACME Ultra Mini HTTPd 1.21. Ha sido clasificada como problem\u00e1tica. Una parte desconocida del componente HTTP GET Request Handler afecta a una parte desconocida. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-249819."
}
],
"metrics": {

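Review bot: The second sentence of the added "es" value is circular: "Una parte desconocida del componente HTTP GET Request Handler afecta a una parte desconocida" says an unknown part affects an unknown part. The English source is "This affects an unknown part of the component HTTP GET Request Handler", so it should read "Esto afecta a una parte desconocida del componente HTTP GET Request Handler", as the feed already phrases it for other records.
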
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0264",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T05:15:09.143",
"lastModified": "2024-01-07T05:15:09.143",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Clinic Queuing System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /LoginRegistration.php. La manipulaci\u00f3n del argumento formToken conduce a la omisi\u00f3n de autorizaci\u00f3n. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249820."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0265",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T05:15:09.977",
"lastModified": "2024-01-07T05:15:09.977",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Clinic Queuing System 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /index.php del componente GET Parameter Handler. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a la inclusi\u00f3n del archivo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249821."
}
],
"metrics": {

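Review bot: The added "es" value turns the parameter name into prose: "The manipulation of the argument page" becomes "La manipulación de la página de argumentos" (the arguments page), so the Spanish entry no longer identifies which GET parameter of /index.php is affected. Keep the identifier untranslated, for example "La manipulación del argumento page conduce a la inclusión de archivos".
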
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0266",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T06:15:47.507",
"lastModified": "2024-01-07T06:15:47.507",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Project Worlds Online Lawyer Management System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente User Registration es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento First Name conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249822 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0267",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T06:15:47.863",
"lastModified": "2024-01-07T06:15:47.863",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Hospital Management System hasta 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo login.php del componente Parameter Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento email/password conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249823."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0268",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T08:15:07.393",
"lastModified": "2024-01-07T08:15:07.393",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Hospital Management System hasta 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo registration.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name/email/pass/gender/age/city conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249824."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0270",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T08:15:07.840",
"lastModified": "2024-01-07T08:15:07.840",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo item_list_submit.php. La manipulaci\u00f3n del argumento item_name conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249825."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0271",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T09:15:09.140",
"lastModified": "2024-01-07T09:15:09.140",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo addmaterial_edit.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249826 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0272",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T11:15:16.537",
"lastModified": "2024-01-07T11:15:16.537",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo addmaterialsubmit.php. La manipulaci\u00f3n del argumento material_name conduce a la inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249827."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0273",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T11:15:16.987",
"lastModified": "2024-01-07T11:15:16.987",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta la versi\u00f3n 1.0. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo addwaste_entry.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento item_name conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249828."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0274",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T12:15:14.580",
"lastModified": "2024-01-07T12:15:14.580",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta la versi\u00f3n 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo billAjax.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento item_name conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249829."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0275",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T12:15:14.820",
"lastModified": "2024-01-07T12:15:14.820",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta la versi\u00f3n 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo item_edit_submit.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249830 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0276",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T13:15:08.293",
"lastModified": "2024-01-07T13:15:08.293",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo afecta a rawstock_used_damged_smt.php. La manipulaci\u00f3n del argumento product_name conduce a la inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249831."
}
],
"metrics": {
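Review bot: The file name in the added "es" value does not match the "en" value: the Spanish text has rawstock_used_damged_smt.php where the English has rawstock_used_damaged_smt.php, so a search for the affected file in the translated description will miss this record. The same sentence, "Una parte desconocida del archivo afecta a rawstock_used_damged_smt.php", also reverses the English "This affects an unknown part of the file rawstock_used_damaged_smt.php". Suggest correcting the file name and the sentence in the "es" value, or reporting it to the data source if this record is synced verbatim.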

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0277",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T13:15:08.540",
"lastModified": "2024-01-07T13:15:08.540",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo party_submit.php. La manipulaci\u00f3n del argumento party_name conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249832."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0278",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T14:15:43.297",
"lastModified": "2024-01-07T14:15:43.297",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo partylist_edit_submit.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249833."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0279",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T14:15:43.543",
"lastModified": "2024-01-07T14:15:43.543",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo item_list_edit.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249834 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0280",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T15:15:08.917",
"lastModified": "2024-01-07T15:15:08.917",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System hasta 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo item_type_submit.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento type_name conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249835."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0281",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T15:15:09.157",
"lastModified": "2024-01-07T15:15:09.157",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta 1.0 y se clasific\u00f3 como cr\u00edtica. Una funci\u00f3n desconocida del archivo loginCheck.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento password conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249836."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0282",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T16:15:44.133",
"lastModified": "2024-01-07T16:15:44.133",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta la versi\u00f3n 1.0. Ha sido clasificada como problem\u00e1tica. Una parte desconocida del archivo addmaterialsubmit.php afecta a esta vulnerabilidad. La manipulaci\u00f3n del argumento tin puede conducir a cross site scripting. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249837."
}
],
"metrics": {
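Review bot: The added "es" description changes the meaning of the "en" description in two places. "Una parte desconocida del archivo addmaterialsubmit.php afecta a esta vulnerabilidad" makes the file part affect the vulnerability, where the English says "This affects an unknown part of the file addmaterialsubmit.php", and "puede conducir a cross site scripting" softens "leads to cross site scripting" to "may lead to". Suggest aligning both sentences with the English wording so the two descriptions state the same impact.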

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0283",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T16:15:44.380",
"lastModified": "2024-01-07T16:15:44.380",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta la versi\u00f3n 1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo party_details.php. La manipulaci\u00f3n del argumento party_name conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249838 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0284",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T17:15:08.427",
"lastModified": "2024-01-07T17:15:08.427",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System hasta la versi\u00f3n 1.0. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo party_submit.php. La manipulaci\u00f3n del argumento party_address conduce a cross site scripting. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249839."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0286",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T18:15:16.383",
"lastModified": "2024-01-07T18:15:16.383",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en PHPGurukul Hospital Management System 1.0 y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo index.php#contact_us del componente Contact Form. La manipulaci\u00f3n del argumento Name/Email/Message conduce a cross site scripting. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249843."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0287",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-07T23:15:43.607",
"lastModified": "2024-01-07T23:15:43.607",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Food Management System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo itemBillPdf.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento printid conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249848."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0288",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T00:15:43.947",
"lastModified": "2024-01-08T00:15:43.947",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo rawstock_used_damged_submit.php. La manipulaci\u00f3n del argumento product_name conduce a la inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249849."
}
],
"metrics": {
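Review bot: The added "es" value names the affected file as rawstock_used_damged_submit.php, while the "en" value in the same record says rawstock_used_damaged_submit.php. Anyone matching on the file name in the translated description will not find this record. Suggest correcting the file name in the "es" value to match the "en" value.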

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0289",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T00:15:44.190",
"lastModified": "2024-01-08T00:15:44.190",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo stock_entry_submit.php. La manipulaci\u00f3n del argumento itemype conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249850 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0290",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T01:15:10.607",
"lastModified": "2024-01-08T01:15:10.607",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Kashipara Food Management System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo stock_edit.php. La manipulaci\u00f3n del argumento item_type conduce a la inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249851."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0291",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T01:15:10.850",
"lastModified": "2024-01-08T01:15:10.850",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Totolink LR1200GB 9.1.0u.6619_B20230130. Ha sido calificado como cr\u00edtico. Este problema afecta la funci\u00f3n UploadFirmwareFile del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento FileName conduce a la inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249857. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {
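Review bot: In the added "es" value, the closing note "Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n" renders "The vendor was contacted early about this disclosure" as "contacted first", which loses the point about timing. "Ha sido calificado como cr\u00edtico" also uses the masculine form although the subject is "una vulnerabilidad". The same note wording recurs in the Totolink records that follow, so a single correction at the translation source would cover all of them.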

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0292",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T02:15:14.367",
"lastModified": "2024-01-08T02:15:14.367",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Totolink LR1200GB 9.1.0u.6619_B20230130 y clasificada como cr\u00edtica. La funci\u00f3n setOpModeCfg del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento hostName conduce a la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249858 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0293",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T03:15:13.820",
"lastModified": "2024-01-08T03:15:13.820",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink LR1200GB 9.1.0u.6619_B20230130 y clasificada como cr\u00edtica. La funci\u00f3n setUploadSetting del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento FileName conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249859. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0294",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T03:15:14.050",
"lastModified": "2024-01-08T03:15:14.050",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink LR1200GB 9.1.0u.6619_B20230130 y clasificada como cr\u00edtica. La funci\u00f3n setUssd del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ussd conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249860. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0295",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T04:15:08.287",
"lastModified": "2024-01-08T04:15:08.287",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink LR1200GB 9.1.0u.6619_B20230130 y clasificada como cr\u00edtica. Esto afecta a la funci\u00f3n setWanCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento hostName conduce a la inyecci\u00f3n de comandos del sistema operativo. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249861. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0296",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T04:15:08.540",
"lastModified": "2024-01-08T04:15:08.540",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Totolink N200RE 9.3.5u.6139_B20201216 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n NTPSyncWithHost del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento host_time conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249862 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0297",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T05:15:09.393",
"lastModified": "2024-01-08T05:15:09.393",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Totolink N200RE 9.3.5u.6139_B20201216 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n UploadFirmwareFile del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n del argumento FileName conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249863. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0298",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T05:15:09.770",
"lastModified": "2024-01-08T05:15:09.770",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Totolink N200RE 9.3.5u.6139_B20201216. Ha sido clasificada como cr\u00edtica. La funci\u00f3n setDiagnosisCfg del fichero /cgi-bin/cstecgi.cgi es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento ip conduce a la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249864. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0299",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T06:15:44.593",
"lastModified": "2024-01-08T06:15:44.593",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Totolink N200RE 9.3.5u.6139_B20201216. Ha sido declarada cr\u00edtica. La funci\u00f3n setTracerouteCfg del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento command conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249865. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0300",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T06:15:45.047",
"lastModified": "2024-01-08T06:15:45.047",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Beijing Baichuo Smart S150 Management Platform hasta 20240101 y fue calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /useratte/userattestation.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento web_img conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249866 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente al proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."
}
],
"metrics": {

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0301",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T07:15:08.767",
"lastModified": "2024-01-08T07:15:08.767",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0302",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T07:15:10.597",
"lastModified": "2024-01-08T07:15:10.597",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0303",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T08:15:36.400",
"lastModified": "2024-01-08T08:15:36.400",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Youke365 hasta 1.5.3 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /app/api/controller/caiji.php del componente Parameter Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249870 es el identificador asignado a esta vulnerabilidad. "
}
],
"metrics": {
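Review bot: the added "es" value changes the affected parameter name: the English description names the argument as url, but the Spanish text reads "La manipulación del argumento URL". Parameter names are identifiers and should be carried over verbatim, as the other records in this commit do for ip, command, web_img and p_url. The same value also ends with a trailing space before the closing quote ("...asignado a esta vulnerabilidad. "), which should be trimmed.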

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0304",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T08:15:36.737",
"lastModified": "2024-01-08T08:15:36.737",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Youke365 hasta 1.5.3 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /app/api/controller/collect.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249871."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0305",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T09:15:21.240",
"lastModified": "2024-01-08T09:15:21.240",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Guangzhou Yingke Electronic Technology Ncast hasta 2017 y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /manage/IPSetup.php del componente Guest Login es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249872."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0306",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T09:15:21.497",
"lastModified": "2024-01-08T09:15:21.497",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Dynamic Lab Management System hasta la versi\u00f3n 1.0. Ha sido clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin/admin_login_process.php. La manipulaci\u00f3n del argumento admin_password conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249873."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0307",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T10:15:11.343",
"lastModified": "2024-01-08T10:15:11.343",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Kashipara Dynamic Lab Management System hasta la versi\u00f3n 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo login_process.php. La manipulaci\u00f3n del argumento password conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-249874 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0308",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T10:15:11.560",
"lastModified": "2024-01-08T10:15:11.560",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Inis hasta 2.0.1. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo app/api/controller/default/Proxy.php. La manipulaci\u00f3n del argumento p_url conduce a server-side request forgery. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249875."
}
],
"metrics": {

View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21642",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-05T22:15:43.190",
"lastModified": "2024-01-05T22:15:43.190",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users."
},
{
"lang": "es",
"value": "D-Tale es un visualizador de estructuras de datos de Pandas. Los usuarios que alojan p\u00fablicamente versiones de D-Tale anteriores a la 3.9.0 pueden ser vulnerables a server-side request forgery (SSRF), lo que permite a los atacantes acceder a los archivos del servidor. Los usuarios deben actualizar a la versi\u00f3n 3.9.0, donde la entrada \"Cargar desde la Web\" est\u00e1 desactivada de forma predeterminada. La \u00fanico workaround para versiones anteriores a la 3.9.0 es alojar D-Tale \u00fanicamente para usuarios confiables."
}
],
"metrics": {
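Review bot: the added "es" description translates the UI label that the English text gives as a literal: `Load From the Web` becomes "Cargar desde la Web", and the backticks are replaced by escaped quotes. A reader looking for the setting to disable will not find that string in D-Tale, so keep the label as it appears in the English value and translate only the surrounding sentence. The last sentence also has a gender mismatch ("La único workaround"); it should read "El único workaround".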

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22216",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-08T07:15:11.547",
"lastModified": "2024-01-08T07:15:11.547",
"vulnStatus": "Received",
"lastModified": "2024-01-08T12:02:30.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-08T11:00:28.546989+00:00
2024-01-08T13:00:40.270293+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-08T10:15:11.560000+00:00
2024-01-08T12:57:18.850000+00:00
```
### Last Data Feed Release
@ -29,31 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235035
235036
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `1`
* [CVE-2023-29048](CVE-2023/CVE-2023-290xx/CVE-2023-29048.json) (`2024-01-08T09:15:19.893`)
* [CVE-2023-29049](CVE-2023/CVE-2023-290xx/CVE-2023-29049.json) (`2024-01-08T09:15:20.120`)
* [CVE-2023-29050](CVE-2023/CVE-2023-290xx/CVE-2023-29050.json) (`2024-01-08T09:15:20.300`)
* [CVE-2023-29051](CVE-2023/CVE-2023-290xx/CVE-2023-29051.json) (`2024-01-08T09:15:20.480`)
* [CVE-2023-29052](CVE-2023/CVE-2023-290xx/CVE-2023-29052.json) (`2024-01-08T09:15:20.680`)
* [CVE-2023-41710](CVE-2023/CVE-2023-417xx/CVE-2023-41710.json) (`2024-01-08T09:15:20.883`)
* [CVE-2023-5091](CVE-2023/CVE-2023-50xx/CVE-2023-5091.json) (`2024-01-08T10:15:11.233`)
* [CVE-2024-0305](CVE-2024/CVE-2024-03xx/CVE-2024-0305.json) (`2024-01-08T09:15:21.240`)
* [CVE-2024-0306](CVE-2024/CVE-2024-03xx/CVE-2024-0306.json) (`2024-01-08T09:15:21.497`)
* [CVE-2024-0307](CVE-2024/CVE-2024-03xx/CVE-2024-0307.json) (`2024-01-08T10:15:11.343`)
* [CVE-2024-0308](CVE-2024/CVE-2024-03xx/CVE-2024-0308.json) (`2024-01-08T10:15:11.560`)
* [CVE-2023-6921](CVE-2023/CVE-2023-69xx/CVE-2023-6921.json) (`2024-01-08T12:15:46.513`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `81`
* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2024-01-08T09:15:21.070`)
* [CVE-2024-0284](CVE-2024/CVE-2024-02xx/CVE-2024-0284.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0286](CVE-2024/CVE-2024-02xx/CVE-2024-0286.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0287](CVE-2024/CVE-2024-02xx/CVE-2024-0287.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0288](CVE-2024/CVE-2024-02xx/CVE-2024-0288.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0289](CVE-2024/CVE-2024-02xx/CVE-2024-0289.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0290](CVE-2024/CVE-2024-02xx/CVE-2024-0290.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0291](CVE-2024/CVE-2024-02xx/CVE-2024-0291.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0292](CVE-2024/CVE-2024-02xx/CVE-2024-0292.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0293](CVE-2024/CVE-2024-02xx/CVE-2024-0293.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0294](CVE-2024/CVE-2024-02xx/CVE-2024-0294.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0295](CVE-2024/CVE-2024-02xx/CVE-2024-0295.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0296](CVE-2024/CVE-2024-02xx/CVE-2024-0296.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0297](CVE-2024/CVE-2024-02xx/CVE-2024-0297.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0298](CVE-2024/CVE-2024-02xx/CVE-2024-0298.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0299](CVE-2024/CVE-2024-02xx/CVE-2024-0299.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0300](CVE-2024/CVE-2024-03xx/CVE-2024-0300.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0301](CVE-2024/CVE-2024-03xx/CVE-2024-0301.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0302](CVE-2024/CVE-2024-03xx/CVE-2024-0302.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-22216](CVE-2024/CVE-2024-222xx/CVE-2024-22216.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0303](CVE-2024/CVE-2024-03xx/CVE-2024-0303.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0304](CVE-2024/CVE-2024-03xx/CVE-2024-0304.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0305](CVE-2024/CVE-2024-03xx/CVE-2024-0305.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0306](CVE-2024/CVE-2024-03xx/CVE-2024-0306.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0307](CVE-2024/CVE-2024-03xx/CVE-2024-0307.json) (`2024-01-08T12:02:30.513`)
* [CVE-2024-0308](CVE-2024/CVE-2024-03xx/CVE-2024-0308.json) (`2024-01-08T12:02:30.513`)
## Download and Usage
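Review bot: in the "CVEs modified in the last Commit" section the new count is `81`, but only 25 entries follow it, and nothing in the README says the list is capped. Either list all modified records or add a line stating that the list is truncated and at what limit, so the count and the list cannot be read as contradicting each other. The entries are also not in identifier order (CVE-2024-22216 sits between CVE-2024-0302 and CVE-2024-0303), which makes it harder to check whether a given CVE is present.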