diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json
new file mode 100644
index 00000000000..f886615c197
--- /dev/null
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10128.json
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2015-10128", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T14:15:07.810", + "lastModified": "2024-01-02T14:15:07.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": 
"cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249422", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249422", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json index 0b21381ec16..0503f8cde35 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json @@ -2,12 +2,16 @@ "id": "CVE-2023-26157", "sourceIdentifier": "report@snyk.io", "published": "2024-01-02T05:15:08.160", - "lastModified": "2024-01-02T05:15:08.160", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:24.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c." + }, + { + "lang": "es", + "value": "Las versiones del paquete libredwg anteriores a 0.12.5.6384 son vulnerables a la Denegaci\u00f3n de Servicio (DoS) debido a una lectura fuera de los l\u00edmites que involucra section->num_pages en decode_r2007.c." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json index 6bd8c1aa636..17cc9b8cab5 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json 
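Review bot: In the new CVE-2015-10128.json record the two CVSS blocks disagree on user interaction: the `cvssMetricV31` entry carries `UI:R` and `"userInteraction": "REQUIRED"`, while the `cvssMetricV2` entry sets `"userInteractionRequired": false`. For a CWE-79 issue the v3.1 value is the plausible one, so the v2 flag would be expected to read `"userInteractionRequired": true`; if this file is mirrored verbatim from the CNA feed (it looks that way), the discrepancy is better documented for consumers than edited here, with the advice to triage on the v3.1 vector. Both metrics are `Secondary` values from cna@vuldb.com and `vulnStatus` is still `Received`, and the record has no configuration block, so automated product matching has nothing to key on yet. Until analysis lands, the description's plugin name, the fixed version 1.3 and the referenced patch commit are the only data in this file for identifying affected installs.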
@@ -2,12 +2,16 @@ "id": "CVE-2023-26159", "sourceIdentifier": "report@snyk.io", "published": "2024-01-02T05:15:08.630", - "lastModified": "2024-01-02T05:15:08.630", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:24.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches." + }, + { + "lang": "es", + "value": "Las versiones del paquete follow-redirects anteriores a la 1.15.4 son vulnerables a una validaci\u00f3n de entrada incorrecta debido al manejo inadecuado de las URL por parte de la funci\u00f3n url.parse(). Cuando la nueva URL() arroja un error, se puede manipular para malinterpretar el nombre de host. Un atacante podr\u00eda aprovechar esta debilidad para redirigir el tr\u00e1fico a un sitio malicioso, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n, ataques de phishing u otras violaciones de seguridad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28583.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28583.json index cd8a337d0e9..e7a98a2fa9e 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28583.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28583.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-28583", "sourceIdentifier": "product-security@qualcomm.com", "published": "2024-01-02T06:15:08.490", - "lastModified": "2024-01-02T06:15:08.490", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:24.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria cuando expira la vida \u00fatil del objeto del temporizador de prefijo IPv6, que se crea mientras el daemon Netmgr obtiene una direcci\u00f3n IPv6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json index d9a0755f38f..c3abb82bf9e 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32831", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.720", - "lastModified": "2024-01-02T03:15:07.720", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868." + }, + { + "lang": "es", + "value": "En el controlador WLAN, existe una posible vulneraci\u00f3n del PIN debido al uso de valores insuficientemente aleatorios. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00325055; ID del problema: MSV-868." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json index f62de323297..990d65ec864 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json @@ -2,12 +2,16 @@ "id": "CVE-2023-32872", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.790", - "lastModified": "2024-01-02T03:15:07.790", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607." + }, + { + "lang": "es", + "value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308607; ID del problema: ALPS08308607." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json index 6d02f8f64a5..f5dc631edad 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32874", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.833", - "lastModified": "2024-01-02T03:15:07.833", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893)." + }, + { + "lang": "es", + "value": "En Modem IMS Stack, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161803; ID del problema: MOLY01161803 (MSV-893)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json index 6bfe6454924..2293373fabf 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32875", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.883", - "lastModified": "2024-01-02T03:15:07.883", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217." + }, + { + "lang": "es", + "value": "En keyInstall, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308607; ID del problema: ALPS08304217." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json index df4596af30f..3e7cecfd1a0 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32876", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.937", - "lastModified": "2024-01-02T03:15:07.937", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612." + }, + { + "lang": "es", + "value": "En keyInstall, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308612; ID del problema: ALPS08308612." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json index 32d7b676717..5ab24908597 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32877", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.980", - "lastModified": "2024-01-02T03:15:07.980", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070." + }, + { + "lang": "es", + "value": "En la bater\u00eda, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308070." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json index 1fd3b26208c..44eb54e9e90 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32878", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.027", - "lastModified": "2024-01-02T03:15:08.027", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992." + }, + { + "lang": "es", + "value": "En la bater\u00eda, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08307992." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json index 7bdb8ef7b53..7c6a5272b86 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32879", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.077", - "lastModified": "2024-01-02T03:15:08.077", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064." + }, + { + "lang": "es", + "value": "En la bater\u00eda, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308064." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json index a0673b1f115..1b7cb7ecba3 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32880", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.123", - "lastModified": "2024-01-02T03:15:08.123", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076." + }, + { + "lang": "es", + "value": "En la bater\u00eda, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308076." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json index 89e5ce3f3cc..fcb1726a6e3 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32881", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.173", - "lastModified": "2024-01-02T03:15:08.173", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080." + }, + { + "lang": "es", + "value": "En bater\u00eda existe una posible divulgaci\u00f3n de informaci\u00f3n debido a un desbordamiento de enteros. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308080." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json index 0b2d9018960..8b468844927 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32882", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.220", - "lastModified": "2024-01-02T03:15:08.220", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616." + }, + { + "lang": "es", + "value": "En la bater\u00eda, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308616." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json index 6c205df2651..079d8e56335 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32883", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.260", - "lastModified": "2024-01-02T03:15:08.260", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249." + }, + { + "lang": "es", + "value": "En Engineer Mode, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08282249; ID del problema: ALPS08282249." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json index 00135148171..71a058a472a 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32884", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.303", - "lastModified": "2024-01-02T03:15:08.303", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011." + }, + { + "lang": "es", + "value": "En netdagent, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07944011; ID del problema: ALPS07944011." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json index 182984801d3..87c9b25578c 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32885", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.353", - "lastModified": "2024-01-02T03:15:08.353", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685." + }, + { + "lang": "es", + "value": "En display drm, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07780685; ID del problema: ALPS07780685." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json index ca83aa1386d..9f699988625 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32886", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.400", - "lastModified": "2024-01-02T03:15:08.400", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807." + }, + { + "lang": "es", + "value": "En el m\u00f3dem IMS SMS UA, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY00730807; ID del problema: MOLY00730807." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json index 35449390600..897d3f4e3e0 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32887", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.450", - "lastModified": "2024-01-02T03:15:08.450", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892)." + }, + { + "lang": "es", + "value": "En Modem IMS Stack, existe un posible fallo del sistema debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161837; ID del problema: MOLY01161837 (MSV-892)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json index ac906c8db14..a25191874da 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32888", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.493", - "lastModified": "2024-01-02T03:15:08.493", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894)." + }, + { + "lang": "es", + "value": "En Modem IMS Call UA, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161830; ID del problema: MOLY01161830 (MSV-894)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json index 05746460fe3..ef3388e90bd 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32889", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.540", - "lastModified": "2024-01-02T03:15:08.540", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895)." + }, + { + "lang": "es", + "value": "En Modem IMS Call UA, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161825; ID del problema: MOLY01161825 (MSV-895)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json index feb5354521a..d0cc85f9747 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-32890", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.587", - "lastModified": "2024-01-02T03:15:08.587", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:31.240", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963)." + }, + { + "lang": "es", + "value": "En el modem EMM, existe un posible fallo del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01183647; ID del problema: MOLY01183647 (MSV-963)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json index a38a59febe2..548e917c93a 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-32891",
 "sourceIdentifier": "security@mediatek.com",
 "published": "2024-01-02T03:15:08.633",
- "lastModified": "2024-01-02T03:15:08.633",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559."
+ },
+ {
+ "lang": "es",
+ "value": "En el servicio Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07933038; ID del problema: MSV-559."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33014.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33014.json
index d9d88001d61..1d4e6c7af25 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33014.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33014.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33014",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:08.763",
- "lastModified": "2024-01-02T06:15:08.763",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Information disclosure in Core services while processing a Diag command."
+ },
+ {
+ "lang": "es",
+ "value": "Divulgaci\u00f3n de informaci\u00f3n en servicios principales mientras se procesa un comando Diag."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33025.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33025.json
index 68103430302..7f292de92f8 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33025.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33025.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33025",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:08.967",
- "lastModified": "2024-01-02T06:15:08.967",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en el m\u00f3dem de datos cuando un cuerpo SDP no est\u00e1ndar, durante una llamada VOLTE."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33030.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33030.json
index 59db8976b11..4add169cc04 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33030.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33030.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33030",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:09.157",
- "lastModified": "2024-01-02T06:15:09.157",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in HLOS while running playready use-case."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en HLOS mientras se ejecuta el caso de uso de PlayReady."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33032.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33032.json
index 7b748a0ccfa..9fb23de8889 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33032.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33032.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33032",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:09.357",
- "lastModified": "2024-01-02T06:15:09.357",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in TZ Secure OS while requesting a memory allocation from TA region."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en TZ Secure OS al solicitar una asignaci\u00f3n de memoria de la regi\u00f3n TA."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33033.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33033.json
index 9311e2d2b55..da95950559a 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33033.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33033.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33033",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:09.547",
- "lastModified": "2024-01-02T06:15:09.547",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in Audio during playback with speaker protection."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en audio durante la reproducci\u00f3n con protecci\u00f3n de altavoz."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33036.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33036.json
index a43d8d5886e..3ffd5fa03bf 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33036.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33036.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33036",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:09.750",
- "lastModified": "2024-01-02T06:15:09.750",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call."
+ },
+ {
+ "lang": "es",
+ "value": "DOS permanente en Hypervisor mientras una m\u00e1quina virtual que no es de confianza y sin soporte PSCI realiza una llamada de PSCI."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33037.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33037.json
index 02abe1a7764..f57263055de 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33037.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33037.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33037",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:10.020",
- "lastModified": "2024-01-02T06:15:10.020",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data."
+ },
+ {
+ "lang": "es",
+ "value": "Problema criptogr\u00e1fico en Automotive al desenvolver la clave secs2d y verificar con datos de RPMB."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33038.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33038.json
index 8fa9a863e01..9b6d454b6c1 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33038.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33038.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33038",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:10.240",
- "lastModified": "2024-01-02T06:15:10.240",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption while receiving a message in Bus Socket Transport Server."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria al recibir un mensaje en Bus Socket Transport Server."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33040.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33040.json
index 158c49061e9..08b9c3f8e89 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33040.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33040.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33040",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:10.430",
- "lastModified": "2024-01-02T06:15:10.430",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS in Data Modem during DTLS handshake."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio en el m\u00f3dem de datos durante el protocolo de enlace DTLS."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33062.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33062.json
index 4290d4af17f..2adcabb2dc4 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33062.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33062.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33062",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:10.627",
- "lastModified": "2024-01-02T06:15:10.627",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS in WLAN Firmware while parsing a BTM request."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio en el firmware WLAN mientras se analiza una solicitud BTM."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33085.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33085.json
index a31fa6a910b..b230c2c01fb 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33085.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33085.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33085",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:10.813",
- "lastModified": "2024-01-02T06:15:10.813",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in wearables while processing data from AON."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en dispositivos port\u00e1tiles al procesar datos de AON."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33094.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33094.json
index 736d08ab9c6..249aa23bc01 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33094.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33094.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33094",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:11.007",
- "lastModified": "2024-01-02T06:15:11.007",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption while running VK synchronization with KASAN enabled."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria al ejecutar la sincronizaci\u00f3n VK con KASAN habilitado."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33108.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33108.json
index 3681f75d7d1..163868563de 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33108.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33108.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33108",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:11.193",
- "lastModified": "2024-01-02T06:15:11.193",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en el controlador de gr\u00e1ficos al destruir un contexto con objetos KGSL_GPU_AUX_COMMAND_TIMELINE en cola."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33109.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33109.json
index cf193b859a2..1456cb80d24 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33109.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33109.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33109",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:11.377",
- "lastModified": "2024-01-02T06:15:11.377",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio mientras se procesa un comando de inicio de escucha WMI P2P (0xD00A) enviado desde el host."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33110.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33110.json
index 646842d7764..bc97e151309 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33110.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33110.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33110",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:11.570",
- "lastModified": "2024-01-02T06:15:11.570",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption."
+ },
+ {
+ "lang": "es",
+ "value": "La variable de \u00edndice de sesi\u00f3n en el controlador de audio de voz del host PCM que se inicializa antes de abrir el PCM, a la que se accede durante la devoluci\u00f3n de llamada de evento desde ADSP y se restablece durante el cierre de PCM puede provocar una condici\u00f3n de ejecuci\u00f3n entre la devoluci\u00f3n de llamada de evento, el cierre de PCM y el reinicio del \u00edndice de sesi\u00f3n, lo que provoca da\u00f1os en la memoria."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33112.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33112.json
index b3ebe0d9cfa..4830ff42098 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33112.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33112.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33112",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:11.763",
- "lastModified": "2024-01-02T06:15:11.763",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:24.843",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS when WLAN firmware receives \"reassoc response\" frame including RIC_DATA element."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio cuando el firmware WLAN recibe una trama de \"reassoc response\" que incluye el elemento RIC_DATA."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33113.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33113.json
index efc1faaf076..afa3fa5e5ba 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33113.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33113.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33113",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:12.000",
- "lastModified": "2024-01-02T06:15:12.000",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption when resource manager sends the host kernel a reply message with multiple fragments."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria cuando el administrador de recursos env\u00eda al kernel del host un mensaje de respuesta con m\u00faltiples fragmentos."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33114.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33114.json
index f20e89e6e20..2de695dc8a4 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33114.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33114.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33114",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:12.197",
- "lastModified": "2024-01-02T06:15:12.197",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria al ejecutar NPU, cuando los comandos NETWORK_UNLOAD y (NETWORK_UNLOAD o NETWORK_EXECUTE_V2) se env\u00edan al mismo tiempo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33116.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33116.json
index 80c74cd832f..2701b9fefb8 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33116.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33116.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33116",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:12.377",
- "lastModified": "2024-01-02T06:15:12.377",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio mientras se analiza ieee80211_parse_mscs_ie en el controlador WIN WLAN."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33117.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33117.json
index cdb46d28f3f..99f690f671e 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33117.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33117.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33117",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:12.580",
- "lastModified": "2024-01-02T06:15:12.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria cuando HLOS asigna el b\u00fafer de payload de respuesta para copiar los datos recibidos de ADSP en respuesta al comando AVCS_LOAD_MODULE."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33118.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33118.json
index c38e7a938c3..922afb43530 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33118.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33118.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33118",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:12.780",
- "lastModified": "2024-01-02T06:15:12.780",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria durante el procesamiento de b\u00fafer de paylaod del cliente Listen Sound Model cuando hay una solicitud para que la sesi\u00f3n Listen Sound obtenga el par\u00e1metro de ST HAL."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33120.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33120.json
index 95bf3446c70..31a21642acd 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33120.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33120.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33120",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:12.957",
- "lastModified": "2024-01-02T06:15:12.957",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption in Audio when memory map command is executed consecutively in ADSP."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria en audio cuando el comando de mapa de memoria se ejecuta consecutivamente en ADSP."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43511.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43511.json
index e61cb710f1c..c6cba774c6a 100644
--- a/CVE-2023/CVE-2023-435xx/CVE-2023-43511.json
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43511.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43511",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:13.150",
- "lastModified": "2024-01-02T06:15:13.150",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio mientras se analiza el encabezado de extensi\u00f3n IPv6 cuando el firmware WLAN recibe un paquete IPv6 que contiene \"IPPROTO_NONE\" como el siguiente encabezado."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43512.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43512.json
index 5b6f610390c..8164d383b4c 100644
--- a/CVE-2023/CVE-2023-435xx/CVE-2023-43512.json
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43512.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43512",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:13.390",
- "lastModified": "2024-01-02T06:15:13.390",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer."
+ },
+ {
+ "lang": "es",
+ "value": "DOS transitorio mientras analiza los datos del servicio GATT cuando la cantidad total de memoria requerida por los m\u00faltiples servicios es mayor que el tama\u00f1o real del b\u00fafer de servicios."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43514.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43514.json
index db35e85998b..af7dacdcd20 100644
--- a/CVE-2023/CVE-2023-435xx/CVE-2023-43514.json
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43514.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-43514",
 "sourceIdentifier": "product-security@qualcomm.com",
 "published": "2024-01-02T06:15:13.557",
- "lastModified": "2024-01-02T06:15:13.557",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP."
+ },
+ {
+ "lang": "es",
+ "value": "Corrupci\u00f3n de la memoria al invocar llamadas IOCTL desde el espacio de usuario para la memoria interna MAP y la memoria interna UNMAP."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json
index b5e339ce3ca..42b4910dedd 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45115.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45115",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T16:15:07.517",
- "lastModified": "2023-12-27T21:36:32.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.167",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'ch' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'ch' parameter of the\u00a0/update.php?q=addqns\u00a0resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json
index 58d3c1ea5a3..668f05e2882 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45116.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45116",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T16:15:08.040",
- "lastModified": "2023-12-27T21:36:11.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.360",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'demail' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'demail' parameter of the /update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
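Review bot: The rewritten English `value` for CVE-2023-45115 keeps `\u00a0` (no-break space) between words, now also on both sides of the new `/update.php?q=addqns` path, and still ends in `\n\n`. Tooling that tokenizes on ASCII whitespace or matches the endpoint literally will see the path fused to its neighbours (`the\u00a0/update.php?q=addqns\u00a0resource`), so descriptions should be normalized (NBSP to space, trailing whitespace trimmed) before indexing or rule matching. The same applies to the sibling hunks for CVE-2023-45116 through CVE-2023-45121, whose strings also carry `\u00a0` and the trailing `\n\n`. The move of `vulnStatus` from `Analyzed` to `Modified` also means the earlier analysis predates this text; whether the metrics further down each record were revisited is outside the hunk.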
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json
index 789a02e2b75..51cbf80b168 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45117.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45117",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T16:15:08.380",
- "lastModified": "2023-12-27T21:36:01.277",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.460",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'eid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'eid' parameter of the /update.php?q=rmquiz resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json
index 05d77dd3691..08cdd894f87 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45118.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45118",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T16:15:08.750",
- "lastModified": "2023-12-27T21:38:08.260",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.563",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'fdid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'fdid' parameter of the /update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json
index 70e800f5e16..901e596bd5f 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45119.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45119",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T16:15:09.197",
- "lastModified": "2023-12-27T21:37:56.367",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.657",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'n' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'n' parameter of the /update.php?q=quiz resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
index b7419743e43..b6225745ab4 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45120.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45120",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T17:15:08.153",
- "lastModified": "2023-12-29T03:18:26.660",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.753",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'qid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'qid' parameter of the /update.php?q=quiz&step=2 resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
index b79fdb0a62c..b48ddb68c2b 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45121.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-45121",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-12-21T17:15:08.440",
- "lastModified": "2023-12-29T03:18:17.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T14:15:08.847",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'desc' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
+ "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'desc' parameter of the /update.php?q=addquiz resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json
index 82852266498..fcdf884ea0c 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45887",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-20T00:15:08.613",
- "lastModified": "2023-12-20T13:50:26.727",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T14:32:56.787",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,78 @@ "value": "DS Wireless Communication (DWC) con DWC_VERSION_3 y DWC_VERSION_11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario en la m\u00e1quina de un cliente de juego a trav\u00e9s de un mensaje GPCM modificado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nintendo:ds_wireless_communication:3:*:*:*:*:*:*:*", + "matchCriteriaId": "62897078-BF0D-44B9-85FD-AC267DFB47ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nintendo:ds_wireless_communication:11:*:*:*:*:*:*:*", + "matchCriteriaId": "026B152C-9DAC-48B3-B5C6-374761A2949D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://pastebin.com/ukRzztv0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json index 06677138aa9..7ea35606e6d 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json 
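Review bot: The `Product` tag added to the `https://pastebin.com/ukRzztv0` reference does not fit the host, since a paste site is not a vendor-controlled product page and its content can be changed or removed by whoever posted it. The hunk does not show what the paste contains, so this is a question rather than a certain error. Consumers that filter references by `Product` to find vendor pages would be sent to unvetted third-party content. If the paste is a technical write-up rather than a product listing, `"tags": ["Third Party Advisory"]` would match the tag this hunk gives the GitHub reference.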
+++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47039", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T06:15:13.737", - "lastModified": "2024-01-02T06:15:13.737", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Perl. Este problema de seguridad ocurre mientras Perl para Windows depende de la variable de entorno de ruta del sistema para encontrar el shell (`cmd.exe`). Cuando se ejecuta un ejecutable que utiliza el int\u00e9rprete de Windows Perl, Perl intenta buscar y ejecutar `cmd.exe` dentro del sistema operativo. Sin embargo, debido a problemas con el orden de b\u00fasqueda de rutas, Perl inicialmente busca cmd.exe en el directorio de trabajo actual. Esta falla permite que un atacante con privilegios limitados coloque `cmd.exe` en ubicaciones con permisos d\u00e9biles, como `C:\\ProgramData`. Al hacerlo, se puede ejecutar c\u00f3digo arbitrario cuando un administrador intenta utilizar este ejecutable desde estas ubicaciones comprometidas." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47216.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47216.json index 0de65c47c46..00e953665b4 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47216.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47216.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47216", "sourceIdentifier": "scy@openharmony.io", "published": "2024-01-02T08:15:09.077", - "lastModified": "2024-01-02T08:15:09.077", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nin OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources\n\n" + }, + { + "lang": "es", + "value": "En OpenHarmony v3.2.2 y versiones anteriores permiten que un atacante local haga que DOS ocupe todos los recursos" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47857.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47857.json index 3bf8e569831..81355469e19 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47857.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47857.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47857", "sourceIdentifier": "scy@openharmony.io", "published": "2024-01-02T08:15:09.480", - "lastModified": "2024-01-02T08:15:09.480", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nin OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer." + }, + { + "lang": "es", + "value": "En OpenHarmony v3.2.2 y versiones anteriores permiten que un atacante local provoque el bloqueo de la c\u00e1mara multimedia modificando un puntero liberado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json index c5f37c371e0..e9efa26d8ce 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47858", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-01-02T10:15:08.117", - "lastModified": "2024-01-02T10:15:08.117", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Mattermost fails to properly verify the permissions needed for viewing archived public channels,\u00a0\u00a0allowing a member of one team to get details about the archived public channels of another team via the\u00a0GET /api/v4/teams//channels/deleted endpoint.\n\n" + }, + { + "lang": "es", + "value": "Mattermost no verifica adecuadamente los permisos necesarios para ver los canales p\u00fablicos archivados, lo que permite que un miembro de un equipo obtenga detalles sobre los canales p\u00fablicos archivados de otro equipo a trav\u00e9s de GET /api/v4/teams//channels/deleted endpoint." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48360.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48360.json index 39cc574b596..054775edd15 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48360.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48360.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48360", "sourceIdentifier": "scy@openharmony.io", "published": "2024-01-02T08:15:09.707", - "lastModified": "2024-01-02T08:15:09.707", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nin OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer." + }, + { + "lang": "es", + "value": "En OpenHarmony v3.2.2 y versiones anteriores permiten que un atacante local provoque la ca\u00edda del reproductor multimedia modificando un puntero liberado." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json index 1cd932f3f3a..3c70498de7d 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json @@ -2,12 +2,16 @@ "id": "CVE-2023-48732", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-01-02T10:15:08.487", - "lastModified": "2024-01-02T10:15:08.487", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Mattermost fails to scope the WebSocket response around notified users\u00a0to a each user separately resulting in the\u00a0WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.\n\n" + }, + { + "lang": "es", + "value": "Mattermost no logra abarcar la respuesta de WebSocket en torno a los usuarios notificados para cada usuario por separado, lo que hace que WebSocket transmita la informaci\u00f3n sobre qui\u00e9n fue notificado sobre una publicaci\u00f3n a todos los dem\u00e1s en el canal." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49006.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49006.json index 4f31fb1e36f..0338c46f281 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49006.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49006.json 
@@ -2,27 +2,94 @@ "id": "CVE-2023-49006", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-19T10:15:07.883", - "lastModified": "2023-12-19T13:42:12.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T13:54:04.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Phpsysinfo versi\u00f3n 3.4.3 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una p\u00e1gina manipulada en el archivo XML.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpsysinfo:phpsysinfo:3.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "E23F0F66-F333-46A3-97D0-044CB005C884" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Hebing123/cve/issues/5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": 
"https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49135.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49135.json index e4ea234b2a6..015c764155c 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49135.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49135.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49135", "sourceIdentifier": "scy@openharmony.io", "published": "2024-01-02T08:15:09.927", - "lastModified": "2024-01-02T08:15:09.927", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nin OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer." + }, + { + "lang": "es", + "value": "En OpenHarmony v3.2.2 y versiones anteriores permiten que un atacante local provoque la ca\u00edda del reproductor multimedia modificando un puntero liberado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49142.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49142.json index 68792971bcf..dc38dfcc591 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49142.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49142.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49142", "sourceIdentifier": "scy@openharmony.io", "published": "2024-01-02T08:15:10.123", - "lastModified": "2024-01-02T08:15:10.123", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nin OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer." + }, + { + "lang": "es", + "value": "En OpenHarmony v3.2.2 y versiones anteriores permiten que un atacante local provoque una falla del audio multimedia al modificar un puntero liberado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49147.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49147.json index bfc840c6a05..25c5e3a951e 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49147.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49147.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49147", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-19T23:15:07.903", - "lastModified": "2023-12-20T13:50:26.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T14:26:38.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,86 @@ "value": "Se descubri\u00f3 un problema en PDF24 Creator 11.14.0. Se descubri\u00f3 que la configuraci\u00f3n del archivo de instalaci\u00f3n msi produce una ventana cmd.exe visible cuando se utiliza la funci\u00f3n de reparaci\u00f3n de msiexec.exe. Esto permite a un atacante local sin privilegios utilizar una cadena de acciones (por ejemplo, un bloqueo de operaci\u00f3n en faxPrnInst.log) para abrir un cmd.exe de SYSTEM." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf24:pdf24_creator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.15.2", + "matchCriteriaId": "56234A76-BCD3-4BE0-8196-345DAFE5AD24" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/176206/PDF24-Creator-11.15.1-Local-Privilege-Escalation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Dec/18", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": 
"https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-pdf24-creator-geek-software-gmbh/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json index 4e214233a97..1e5a7f17913 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json @@ -2,12 +2,16 @@ "id": "CVE-2023-50094", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-01T18:15:09.130", - "lastModified": "2024-01-01T18:15:09.130", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output." + }, + { + "lang": "es", + "value": "reNgine hasta 2.0.2 permite la inyecci\u00f3n de comandos del sistema operativo si un adversario tiene una ID de sesi\u00f3n v\u00e1lida. El ataque coloca metacaracteres del shell en una cadena api/tools/waf_detector/?url=. Los comandos se ejecutan como root a trav\u00e9s de subprocess.check_output." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json index 34ccdc943cd..659230e4828 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-50096", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-01T18:15:09.197", - "lastModified": "2024-01-01T18:15:09.197", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application." + }, + { + "lang": "es", + "value": "El middleware STMicroelectronics STSAFE-A1xx anterior a 3.3.7 permite la ejecuci\u00f3n de c\u00f3digo MCU si un adversario tiene la capacidad de leer y escribir en el bus I2C. Esto se debe a un desbordamiento de b\u00fafer StSafeA_ReceiveBytes en el paquete de software X-CUBE-SAFEA1 para aplicaciones de muestra STSAFE-A (1.2.0) y, por lo tanto, puede afectar el c\u00f3digo escrito por el usuario que se deriv\u00f3 de una aplicaci\u00f3n de muestra publicada." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json index 7b90dce2474..4e4123e7f7c 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-50333", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-01-02T10:15:08.723", - "lastModified": "2024-01-02T10:15:08.723", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing\u00a0freshly demoted guests to change group names.\n\n" + }, + { + "lang": "es", + "value": "Mattermost no actualiza los permisos de la sesi\u00f3n actual para un usuario que acaba de ser degradado a invitado, lo que permite a los invitados reci\u00e9n degradados cambiar los nombres de los grupos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json index 67f931bf4c2..d17eccdc6c5 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5877", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:42.727", - "lastModified": "2024-01-01T15:15:42.727", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue." + }, + { + "lang": "es", + "value": "affiliate-toolkit WordPress plugin anterior a 3.4.3 carece de autorizaci\u00f3n y autenticaci\u00f3n para solicitudes a su endpoint afiliado-toolkit-starter/tools/atkp_imagereceiver.php, lo que permite a visitantes no autenticados realizar solicitudes a URL arbitrarias, incluidas direcciones privadas RFC1918, que conducen a un servidor. Problema de Server Side Request Forgery (SSRF)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json index 39190227ce1..47d2f3d33c9 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6000.json 
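Review bot: The added `es` description gives the endpoint path as `afiliado-toolkit-starter/tools/atkp_imagereceiver.php`, while the English text in the same hunk gives `affiliate-toolkit-starter/tools/atkp_imagereceiver.php`; the translation has localised part of an identifier. Anyone searching access logs or writing a filtering rule from the Spanish text would look for a path that does not match the one in the English description. The path should be copied verbatim from the English description. The end of the sentence, which now reads `que conducen a un servidor. Problema de Server Side Request Forgery (SSRF).`, should be rejoined as `lo que conduce a un problema de Server Side Request Forgery (SSRF).`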
@@ -2,12 +2,16 @@ "id": "CVE-2023-6000", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.100", - "lastModified": "2024-01-01T15:15:43.100", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks." + }, + { + "lang": "es", + "value": "Popup Builder WordPress plugin anterior a 4.2.3 no impide que los visitantes simples actualicen las ventanas emergentes existentes e inyecten JavaScript sin formato en ellas, lo que podr\u00eda provocar ataques XSS almacenados." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json index 14a925c74ee..bfecf5aabf5 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6037.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6037", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.147", - "lastModified": "2024-01-01T15:15:43.147", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "WP TripAdvisor Review Slider WordPress plugin anterior a 11.9 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json index f81bbeddbda..ca30ca3c6cd 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6064.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-6064", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.197", - "lastModified": "2024-01-01T15:15:43.197", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur." + }, + { + "lang": "es", + "value": "PayHere Payment Gateway WordPress plugin anterior a 2.2.12 crea autom\u00e1ticamente archivos de registro de acceso p\u00fablico que contienen informaci\u00f3n confidencial cuando se producen transacciones." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json index ae5031b659a..ff1e0a32bfa 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6113", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.243", - "lastModified": "2024-01-01T15:15:43.243", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later." + }, + { + "lang": "es", + "value": "WP STAGING WordPress Backup Plugin anterior a 3.1.3 y WP STAGING Pro WordPress Backup Plugin anterior a 5.1.3 no impiden que los visitantes filtren informaci\u00f3n clave sobre los procesos de copia de seguridad en curso, lo que permite a atacantes no autenticados descargar dichas copias de seguridad m\u00e1s tarde." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json index 75665d55d68..6a7e80eadfc 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6271.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6271", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.293", - "lastModified": "2024-01-01T15:15:43.293", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups." + }, + { + "lang": "es", + "value": "Backup Migration WordPress plugin anterior a 1.3.6 almacena informaci\u00f3n de las copias de seguridad en progreso en archivos f\u00e1ciles de encontrar y de acceso p\u00fablico, lo que puede permitir a los atacantes monitorearlos para filtrar informaci\u00f3n confidencial de las copias de seguridad del sitio." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json index 4eb085599fe..73d651e2aa3 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6314", "sourceIdentifier": "product-security@gg.jp.panasonic.com", "published": "2023-12-19T01:15:12.157", - "lastModified": "2023-12-19T13:42:12.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T13:31:21.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "product-security@gg.jp.panasonic.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.7.0.0", + "matchCriteriaId": "3F6A3061-FE7B-4973-965B-632CFFC1FCC8" + } + ] + } + ] + } + ], "references": [ { "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro", - "source": "product-security@gg.jp.panasonic.com" + "source": "product-security@gg.jp.panasonic.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json index 536b4896bc8..35febfc83d0 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6315", "sourceIdentifier": "product-security@gg.jp.panasonic.com", "published": "2023-12-19T01:15:12.310", - "lastModified": "2023-12-19T13:42:12.823", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T13:43:51.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "product-security@gg.jp.panasonic.com", "type": "Secondary", @@ -38,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.7.0.0", + "matchCriteriaId": "3F6A3061-FE7B-4973-965B-632CFFC1FCC8" + } + ] + } + ] + } + ], "references": [ { "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro", - "source": "product-security@gg.jp.panasonic.com" + "source": "product-security@gg.jp.panasonic.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json index 3efc0fc5efe..4ecc2715284 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json 
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6421", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.347", - "lastModified": "2024-01-01T15:15:43.347", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one." + }, + { + "lang": "es", + "value": "Download Manager WordPress plugin anterior a 3.2.83 no protege las contrase\u00f1as de descarga de archivos y las filtra al recibir una no v\u00e1lida." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json new file mode 100644 index 00000000000..6fcf749974f --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6436", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-01-02T13:15:08.930", + "lastModified": "2024-01-02T13:47:18.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template: through 20231215.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Ekol Informatics Website Template permite la inyecci\u00f3n de SQL. Este problema afecta a Website Template: hasta 20231215." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0001", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json index 5982953d050..de478c159c1 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6485",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-01T15:15:43.393",
- "lastModified": "2024-01-01T15:15:43.393",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:38.167",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins"
+ },
+ {
+ "lang": "es",
+ "value": "Html5 Video Player WordPress plugin anterior a 2.5.19 no sanitiza ni escapa a algunas de las configuraciones de su reproductor, lo que, combinado con la falta de comprobaciones de capacidad en torno al plugin, podr\u00eda permitir que cualquier usuario autenticado, como suscriptores bajos, realice ataques de Cross-Site Scripting almacenado contra usuarios con altos privilegios como administradores"
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
index a1c244a854f..a62f26727c9 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6693",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-02T10:15:08.930",
- "lastModified": "2024-01-02T10:15:08.930",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:18.233",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el dispositivo virtio-net de QEMU. Este problema ocurre al vaciar TX en la funci\u00f3n virtio_net_flush_tx si las funciones de invitado VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 y VIRTIO_NET_F_MRG_RXBUF est\u00e1n habilitadas. Esto podr\u00eda permitir que un usuario malintencionado sobrescriba las variables locales asignadas en la pila. Espec\u00edficamente, la variable `out_sg` podr\u00eda usarse para leer una parte de la memoria del proceso y enviarla al cable, provocando una fuga de informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6895.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6895.json
index bc9acbcd844..02e3385fad9 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6895.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6895.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-6895",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-17T08:15:07.173",
- "lastModified": "2023-12-19T09:15:37.757",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T13:12:21.823",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /php/ping.php. La manipulaci\u00f3n del argumento jsondata[ip] con la entrada netstat -ano conduce a la inyecci\u00f3n del comando os. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-248254 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -71,18 +95,200 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.3",
+ "versionEndExcluding": "4.1.0",
+ "matchCriteriaId": "39CE5FB3-D552-4149-A2B8-4D6EA9B02E2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-bk:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "958036E7-556B-4211-91F2-B03FD7B9BD48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-dis:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E42EB382-C853-405D-B3D6-777CA0750270"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C12AC351-A6DB-4F58-899A-FE625DA97219"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-in:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "51038A2A-4C52-4029-8ECB-B33018681439"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-info:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F62F9A95-A31C-4047-81D2-0CD30449A71A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-kk:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00241160-697B-4177-97AE-9B98EBF962A8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-kk\\/s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E47560E1-FC85-44C0-8804-5426062ADBB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-kp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "187E6DA2-2909-489A-86B6-AEF22B5E81D3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-kp\\/s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "653905C8-EED2-4EF6-A19C-740D93AD2C59"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C9CEE9CB-03CD-4220-9B89-1C5C8A9FE1B0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd3003-e6:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "42374DAF-62B0-41FF-91D2-E8410BCE6B69"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\):-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF0DE650-B929-4F05-B2D1-CE59ADBF05A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/flush:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5640AA88-730E-43FB-88D2-F3D65396DE15"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/ns:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF2F30EE-469B-42E5-9570-6D26C37460A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96F5783F-87ED-4AAE-801B-27D287991A7B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kd8003ime1\\(b\\)\\/surface:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "926B6EE1-7CF4-4A99-9C6F-7DDC26C9A702"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6220-le1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "547F6609-4304-4CB8-A07A-2C3D2E7241E8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6320-le1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4DAC9C0-6A97-4AA2-9FBE-58E5E1D11666"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6320-tde1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3BC79E9F-0971-46B0-B0AB-062AB4653345"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6320-te1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4BD7D924-84B8-4253-995C-A1E74B3C329C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6320-wtde1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF4C1CB8-96D8-4E28-B85A-29D05BE4C272"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6320-wte1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97264003-9B83-444C-ADEF-5F0E61C96618"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6350-wte1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9562CB3D-9491-407C-9A59-0F0C48D724BA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6351-te1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA19A366-0EE7-45D2-A3B2-4EE397FBA95A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh6351-wte1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B61ABFF8-5AD3-4367-AA3E-E36DCD93ABE6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh63le1\\(b\\):-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B1FDC90-73BA-4691-B942-AE30CA342C9A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh8520-wte1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97280A4A-0EFE-418C-9E94-92239E463163"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh9310-wte1\\(b\\):-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3244947-9255-48E0-9491-CD2DFBF21943"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hikvision:ds-kh9510-wte1\\(b\\):-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62E1B212-E667-4FC0-AF02-116F58D917F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/willchen0011/cve/blob/main/rce.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.248254",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.248254",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json
index 8ffad16c809..fbed195aa39 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0181",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-01T17:15:08.543",
- "lastModified": "2024-01-01T17:15:08.543",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:38.167",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en RRJ Nueva Ecija Engineer Online Portal 1.0. Ha sido declarado problem\u00e1tico. Una funci\u00f3n desconocida del archivo /admin/admin_user.php del componente Admin Panel es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Firstname/Lastname/Username conduce a cross site scripting. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249433."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json
index a9b77ca940d..cba3d3a95ba 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0182",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-01T21:15:24.777",
- "lastModified": "2024-01-01T21:15:24.777",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:38.167",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en SourceCodester Engineers Online Portal 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/ del componente Admin Login es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento username/password conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El identificador de esta vulnerabilidad es VDB-249440."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0183.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0183.json
index 6a105d5adbb..0cf12f7a3af 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0183.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0183.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0183",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-01T23:15:08.930",
- "lastModified": "2024-01-01T23:15:08.930",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:38.167",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en RRJ Nueva Ecija Engineer Online Portal 1.0. Ha sido clasificado como problem\u00e1tico. Una parte desconocida del archivo /admin/students.php del componente NIA Office afecta a una parte desconocida. La manipulaci\u00f3n conduce a cross site scripting b\u00e1sico. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-249441."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0184.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0184.json
index ff313509e8a..a0a89e7f28c 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0184.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0184.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0184",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-02T00:15:08.243",
- "lastModified": "2024-01-02T00:15:08.243",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:38.167",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en RRJ Nueva Ecija Engineer Online Portal 1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/edit_teacher.php del componente Add Enginer. La manipulaci\u00f3n del argumento Firstname/Lastname conduce a cross site scripting. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-249442 es el identificador asignado a esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0185.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0185.json
index e1697b9d0a4..194e60659b4 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0185.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0185.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0185",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-02T01:15:08.020",
- "lastModified": "2024-01-02T01:15:08.020",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:38.167",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en RRJ Nueva Ecija Engineer Online Portal 1.0. Ha sido calificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo dasboard_teacher.php del componente Avatar Handler. La manipulaci\u00f3n conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-249443."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json
index 9b7bd0ab3a7..e7a98a71ae1 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0186",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-01-02T01:15:08.273",
- "lastModified": "2024-01-02T01:15:08.273",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-02T13:47:31.240",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en HuiRan Host Reseller System hasta 2.0.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /user/index/findpass?do=4 del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una recuperaci\u00f3n de contrase\u00f1a d\u00e9bil. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-249444."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21732.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21732.json
index bfa4b73d838..c42786a08e2 100644
--- a/CVE-2024/CVE-2024-217xx/CVE-2024-21732.json
+++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21732.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-21732", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-01T08:15:36.087", - "lastModified": "2024-01-01T08:15:36.087", - "vulnStatus": "Received", + "lastModified": "2024-01-02T13:47:38.167", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "FlyCms through abbaa5a allows XSS via the permission management feature." + }, + { + "lang": "es", + "value": "FlyCms a trav\u00e9s de abbaa5a permite XSS a trav\u00e9s de la funci\u00f3n de permission management." } ], "metrics": {}, diff --git a/README.md b/README.md index fc9a2d96a56..270c6316359 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-02T11:00:24.987551+00:00 +2024-01-02T15:00:25.590479+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-02T10:15:09.250000+00:00 +2024-01-02T14:32:56.787000+00:00 ``` ### Last Data Feed Release 
@@ -29,27 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234684 +234686 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -* [CVE-2023-47858](CVE-2023/CVE-2023-478xx/CVE-2023-47858.json) (`2024-01-02T10:15:08.117`) -* [CVE-2023-48732](CVE-2023/CVE-2023-487xx/CVE-2023-48732.json) (`2024-01-02T10:15:08.487`) -* [CVE-2023-50333](CVE-2023/CVE-2023-503xx/CVE-2023-50333.json) (`2024-01-02T10:15:08.723`) -* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-01-02T10:15:08.930`) +* [CVE-2015-10128](CVE-2015/CVE-2015-101xx/CVE-2015-10128.json) (`2024-01-02T14:15:07.810`) +* [CVE-2023-6436](CVE-2023/CVE-2023-64xx/CVE-2023-6436.json) (`2024-01-02T13:15:08.930`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `88` -* [CVE-2023-6051](CVE-2023/CVE-2023-60xx/CVE-2023-6051.json) (`2024-01-02T09:15:07.310`) -* [CVE-2023-6277](CVE-2023/CVE-2023-62xx/CVE-2023-6277.json) (`2024-01-02T09:15:07.500`) -* [CVE-2023-7172](CVE-2023/CVE-2023-71xx/CVE-2023-7172.json) (`2024-01-02T10:15:09.137`) -* [CVE-2023-7173](CVE-2023/CVE-2023-71xx/CVE-2023-7173.json) (`2024-01-02T10:15:09.250`) +* [CVE-2023-6037](CVE-2023/CVE-2023-60xx/CVE-2023-6037.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-6064](CVE-2023/CVE-2023-60xx/CVE-2023-6064.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-6113](CVE-2023/CVE-2023-61xx/CVE-2023-6113.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-6271](CVE-2023/CVE-2023-62xx/CVE-2023-6271.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-6421](CVE-2023/CVE-2023-64xx/CVE-2023-6421.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-6485](CVE-2023/CVE-2023-64xx/CVE-2023-6485.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-50094](CVE-2023/CVE-2023-500xx/CVE-2023-50094.json) (`2024-01-02T13:47:38.167`) +* [CVE-2023-50096](CVE-2023/CVE-2023-500xx/CVE-2023-50096.json) (`2024-01-02T13:47:38.167`) +* 
[CVE-2023-49006](CVE-2023/CVE-2023-490xx/CVE-2023-49006.json) (`2024-01-02T13:54:04.177`) +* [CVE-2023-45115](CVE-2023/CVE-2023-451xx/CVE-2023-45115.json) (`2024-01-02T14:15:08.167`) +* [CVE-2023-45116](CVE-2023/CVE-2023-451xx/CVE-2023-45116.json) (`2024-01-02T14:15:08.360`) +* [CVE-2023-45117](CVE-2023/CVE-2023-451xx/CVE-2023-45117.json) (`2024-01-02T14:15:08.460`) +* [CVE-2023-45118](CVE-2023/CVE-2023-451xx/CVE-2023-45118.json) (`2024-01-02T14:15:08.563`) +* [CVE-2023-45119](CVE-2023/CVE-2023-451xx/CVE-2023-45119.json) (`2024-01-02T14:15:08.657`) +* [CVE-2023-45120](CVE-2023/CVE-2023-451xx/CVE-2023-45120.json) (`2024-01-02T14:15:08.753`) +* [CVE-2023-45121](CVE-2023/CVE-2023-451xx/CVE-2023-45121.json) (`2024-01-02T14:15:08.847`) +* [CVE-2023-49147](CVE-2023/CVE-2023-491xx/CVE-2023-49147.json) (`2024-01-02T14:26:38.727`) +* [CVE-2023-45887](CVE-2023/CVE-2023-458xx/CVE-2023-45887.json) (`2024-01-02T14:32:56.787`) +* [CVE-2024-0186](CVE-2024/CVE-2024-01xx/CVE-2024-0186.json) (`2024-01-02T13:47:31.240`) +* [CVE-2024-21732](CVE-2024/CVE-2024-217xx/CVE-2024-21732.json) (`2024-01-02T13:47:38.167`) +* [CVE-2024-0181](CVE-2024/CVE-2024-01xx/CVE-2024-0181.json) (`2024-01-02T13:47:38.167`) +* [CVE-2024-0182](CVE-2024/CVE-2024-01xx/CVE-2024-0182.json) (`2024-01-02T13:47:38.167`) +* [CVE-2024-0183](CVE-2024/CVE-2024-01xx/CVE-2024-0183.json) (`2024-01-02T13:47:38.167`) +* [CVE-2024-0184](CVE-2024/CVE-2024-01xx/CVE-2024-0184.json) (`2024-01-02T13:47:38.167`) +* [CVE-2024-0185](CVE-2024/CVE-2024-01xx/CVE-2024-0185.json) (`2024-01-02T13:47:38.167`) ## Download and Usage