admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-29T15:04:22.896801+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-29 15:04:26 +00:00
parent 40a10fd35c
commit e3dc9e5320
299 changed files with 1067 additions and 600 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2021/CVE-2021-390xx/CVE-2021-39090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-39090",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-29T03:15:06.467",
"lastModified": "2024-02-29T03:15:06.467",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-342xx/CVE-2022-34269.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34269",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:35:13.213",
"lastModified": "2024-02-29T01:35:13.213",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-342xx/CVE-2022-34270.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34270",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:35:13.267",
"lastModified": "2024-02-29T01:35:13.267",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-366xx/CVE-2022-36677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36677",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:35:29.187",
"lastModified": "2024-02-29T01:35:29.187",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-18xx/CVE-2023-1841.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-1841",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2024-02-29T06:15:45.093",
"lastModified": "2024-02-29T06:15:45.093",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05.\u00a0\n\nHoneywell released firmware update package MPA2 firmware\u00a0R1.00.08.05 which addresses\u00a0this vulnerability. This version and all later versions\ncorrect the reported vulnerability.\n\n\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Honeywell MPA2 Access Panel (m\u00f3dulos de servidor web) permite que XSS utilice caracteres no v\u00e1lidos. Este problema afecta a MPA2 Access Panel en todas las versiones anteriores a R1.00.08.05. Honeywell lanz\u00f3 el paquete de actualizaci\u00f3n de firmware MPA2 R1.00.08.05 que soluciona esta vulnerabilidad. Esta versi\u00f3n y todas las versiones posteriores corrigen la vulnerabilidad informada."
}
],
"metrics": {

4
CVE-2023/CVE-2023-259xx/CVE-2023-25921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25921",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-29T01:38:24.113",
"lastModified": "2024-02-29T01:38:24.113",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-259xx/CVE-2023-25922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25922",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-28T22:15:25.683",
"lastModified": "2024-02-28T22:15:25.683",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-259xx/CVE-2023-25925.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25925",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-28T22:15:25.883",
"lastModified": "2024-02-28T22:15:25.883",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-259xx/CVE-2023-25926.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25926",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-29T01:38:24.377",
"lastModified": "2024-02-29T01:38:24.377",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-271xx/CVE-2023-27151.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27151",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:38:30.693",
"lastModified": "2024-02-29T01:38:30.693",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-275xx/CVE-2023-27545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27545",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-29T02:15:08.920",
"lastModified": "2024-02-29T02:15:08.920",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-341xx/CVE-2023-34198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34198",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:39:48.740",
"lastModified": "2024-02-29T01:39:48.740",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-374xx/CVE-2023-37495.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37495",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-29T01:40:04.220",
"lastModified": "2024-02-29T01:40:04.220",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-375xx/CVE-2023-37529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37529",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-29T01:40:04.583",
"lastModified": "2024-02-29T01:40:04.583",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-375xx/CVE-2023-37530.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37530",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-29T01:40:04.740",
"lastModified": "2024-02-29T01:40:04.740",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-375xx/CVE-2023-37531.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37531",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-29T01:40:04.893",
"lastModified": "2024-02-29T01:40:04.893",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-383xx/CVE-2023-38367.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38367",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-29T02:15:09.120",
"lastModified": "2024-02-29T02:15:09.120",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-383xx/CVE-2023-38372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38372",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-29T01:40:10.700",
"lastModified": "2024-02-29T01:40:10.700",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-411xx/CVE-2023-41165.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41165",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:40:58.383",
"lastModified": "2024-02-29T01:40:58.383",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) 3.7.0 hasta 3.7.38 antes de 3.7.39, 3.10.0 hasta 3.11.26 antes de 3.11.27, 4.0 hasta 4.3.21 antes de 4.3.22 y 4.4.0 hasta 4.6.8 antes de 4.6.9. Un administrador con acceso de escritura al firewall SNS puede configurar un descargo de responsabilidad de inicio de sesi\u00f3n con elementos JavaScript maliciosos que pueden resultar en el robo de datos."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-437xx/CVE-2023-43769.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43769",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:09.503",
"lastModified": "2024-02-29T01:41:09.503",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Couchbase Server hasta la versi\u00f3n 7.1.4 anterior a la 7.1.5 y anterior a la 7.2.1. Hay puertos de servicio RMI no autenticados expuestos en Analytics."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-443xx/CVE-2023-44341.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44341",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:12.810",
"lastModified": "2024-02-29T01:41:12.810",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones ID18.5 (y anteriores) e ID17.4.2 (y anteriores) de Adobe InDesign se ven afectadas por una vulnerabilidad de desreferencia de puntero NULL. Un atacante no autenticado podr\u00eda aprovechar esta vulnerabilidad para lograr una denegaci\u00f3n de servicio de la aplicaci\u00f3n en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

8
CVE-2023/CVE-2023-443xx/CVE-2023-44342.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44342",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:13.020",
"lastModified": "2024-02-29T01:41:13.020",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones ID18.5 (y anteriores) e ID17.4.2 (y anteriores) de Adobe InDesign se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {

4
CVE-2023/CVE-2023-443xx/CVE-2023-44343.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44343",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:13.323",
"lastModified": "2024-02-29T01:41:13.323",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44344",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:13.497",
"lastModified": "2024-02-29T01:41:13.497",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44345.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44345",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:13.680",
"lastModified": "2024-02-29T01:41:13.680",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44346.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44346",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:13.857",
"lastModified": "2024-02-29T01:41:13.857",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44347.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44347",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-29T01:41:14.037",
"lastModified": "2024-02-29T01:41:14.037",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-458xx/CVE-2023-45859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45859",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T22:15:26.070",
"lastModified": "2024-02-28T22:15:26.070",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-458xx/CVE-2023-45873.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45873",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T22:15:26.107",
"lastModified": "2024-02-28T22:15:26.107",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-458xx/CVE-2023-45874.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45874",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:20.007",
"lastModified": "2024-02-29T01:41:20.007",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-476xx/CVE-2023-47634.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47634",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T01:41:28.370",
"lastModified": "2024-02-29T01:41:28.370",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-478xx/CVE-2023-47874.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47874",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T06:15:45.390",
"lastModified": "2024-02-29T06:15:45.390",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Perfmatters. Este problema afecta a Perfmatters: desde n/a hasta 2.1.6."
}
],
"metrics": {

4
CVE-2023/CVE-2023-486xx/CVE-2023-48650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48650",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:34.060",
"lastModified": "2024-02-29T01:41:34.060",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-486xx/CVE-2023-48651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48651",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:34.107",
"lastModified": "2024-02-29T01:41:34.107",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-486xx/CVE-2023-48653.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48653",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:34.160",
"lastModified": "2024-02-29T01:41:34.160",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-493xx/CVE-2023-49337.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49337",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:37.560",
"lastModified": "2024-02-29T01:41:37.560",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-493xx/CVE-2023-49338.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49338",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T22:15:26.170",
"lastModified": "2024-02-28T22:15:26.170",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49930",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:40.070",
"lastModified": "2024-02-29T01:41:40.070",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49931",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:40.110",
"lastModified": "2024-02-29T01:41:40.110",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-499xx/CVE-2023-49932.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49932",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:40.157",
"lastModified": "2024-02-29T01:41:40.157",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-504xx/CVE-2023-50436.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50436",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:00.697",
"lastModified": "2024-02-29T01:42:00.697",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-504xx/CVE-2023-50437.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50437",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:00.750",
"lastModified": "2024-02-29T01:42:00.750",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-506xx/CVE-2023-50658.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50658",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:01.123",
"lastModified": "2024-02-29T01:42:01.123",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-509xx/CVE-2023-50905.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50905",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T06:15:45.577",
"lastModified": "2024-02-29T06:15:45.577",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Melapress WP Activity Log permite almacenar XSS. Este problema afecta el WP Activity Log: desde n/a hasta 4.6.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-515xx/CVE-2023-51528.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51528",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T05:15:08.280",
"lastModified": "2024-02-29T05:15:08.280",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack \u2013 Powered by GPT-4.This issue affects AI Power: Complete AI Pack \u2013 Powered by GPT-4: from n/a through 1.8.12.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Senol Sahin AI Power: Complete AI Pack \u2013 Desarrollado por GPT-4. Este problema afecta a AI Power: Complete AI Pack \u2013 Desarrollado por GPT-4: desde n/a hasta 1.8.12."
}
],
"metrics": {

8
CVE-2023/CVE-2023-515xx/CVE-2023-51529.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51529",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T05:15:08.570",
"lastModified": "2024-02-29T05:15:08.570",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega \u2013 Absolute Addons For Elementor.This issue affects HT Mega \u2013 Absolute Addons For Elementor: from n/a through 2.3.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en HasThemes HT Mega \u2013 Absolute Addons For Elementor. Este problema afecta a HT Mega \u2013 Absolute Addons For Elementor: desde n/a hasta 2.3.3."
}
],
"metrics": {

8
CVE-2023/CVE-2023-515xx/CVE-2023-51530.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51530",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T05:15:08.863",
"lastModified": "2024-02-29T05:15:08.863",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en GS Plugins Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation. Este problema afecta a Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: desde n/ a hasta 3.5.1."
}
],
"metrics": {

8
CVE-2023/CVE-2023-515xx/CVE-2023-51531.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51531",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T05:15:09.157",
"lastModified": "2024-02-29T05:15:09.157",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Thrive Themes Thrive Automator. Este problema afecta a Thrive Automator: desde n/a hasta 1.17."
}
],
"metrics": {

4
CVE-2023/CVE-2023-515xx/CVE-2023-51533.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51533",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-28T19:15:09.963",
"lastModified": "2024-02-28T19:15:09.963",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-516xx/CVE-2023-51681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51681",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-28T17:15:07.270",
"lastModified": "2024-02-28T17:15:07.270",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-516xx/CVE-2023-51683.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51683",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-28T17:15:07.760",
"lastModified": "2024-02-28T17:15:07.760",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-516xx/CVE-2023-51692.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51692",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-28T19:15:10.147",
"lastModified": "2024-02-28T19:15:10.147",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

10
CVE-2023/CVE-2023-516xx/CVE-2023-51696.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51696",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T05:15:09.450",
"lastModified": "2024-02-29T05:15:09.450",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n"
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. Este problema afecta a la protecci\u00f3n contra spam, Anti-Spam, FireWall de CleanTalk: desde n/a hasta 6.20."
}
],
"metrics": {

4
CVE-2023/CVE-2023-517xx/CVE-2023-51773.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51773",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:05.557",
"lastModified": "2024-02-29T01:42:05.557",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51774",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:05.597",
"lastModified": "2024-02-29T01:42:05.597",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51775.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51775",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:05.637",
"lastModified": "2024-02-29T01:42:05.637",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-517xx/CVE-2023-51779.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51779",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:05.677",
"lastModified": "2024-02-29T01:42:05.677",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-518xx/CVE-2023-51800.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51800",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T02:15:09.280",
"lastModified": "2024-02-29T02:15:09.280",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-518xx/CVE-2023-51801.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51801",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T02:15:09.323",
"lastModified": "2024-02-29T02:15:09.323",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-518xx/CVE-2023-51802.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51802",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T02:15:09.367",
"lastModified": "2024-02-29T02:15:09.367",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-518xx/CVE-2023-51835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51835",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:42:05.830",
"lastModified": "2024-02-29T01:42:05.830",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-520xx/CVE-2023-52047.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52047",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T20:15:41.590",
"lastModified": "2024-02-28T20:15:41.590",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-520xx/CVE-2023-52048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52048",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T20:15:41.640",
"lastModified": "2024-02-28T20:15:41.640",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-522xx/CVE-2023-52223.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52223",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-28T17:15:07.953",
"lastModified": "2024-02-28T17:15:07.953",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-522xx/CVE-2023-52226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52226",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-28T17:15:08.150",
"lastModified": "2024-02-28T17:15:08.150",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-524xx/CVE-2023-52475.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52475",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:45.763",
"lastModified": "2024-02-29T06:15:45.763",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: powermate - fix use-after-free in powermate_config_complete\n\nsyzbot has found a use-after-free bug [1] in the powermate driver. This\nhappens when the device is disconnected, which leads to a memory free from\nthe powermate_device struct. When an asynchronous control message\ncompletes after the kfree and its callback is invoked, the lock does not\nexist anymore and hence the bug.\n\nUse usb_kill_urb() on pm->config to cancel any in-progress requests upon\ndevice disconnection.\n\n[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Entrada: powermate - corrige el use-after-free en powermate_config_complete syzbot ha encontrado un error de use-after-free [1] en el controlador powermate. Esto sucede cuando el dispositivo est\u00e1 desconectado, lo que genera una memoria libre de la estructura powermate_device. Cuando se completa un mensaje de control asincr\u00f3nico despu\u00e9s de que se invoca kfree y su devoluci\u00f3n de llamada, el bloqueo ya no existe y de ah\u00ed el error. Utilice usb_kill_urb() en pm->config para cancelar cualquier solicitud en curso al desconectar el dispositivo. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e"
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52476.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52476",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:45.820",
"lastModified": "2024-02-29T06:15:45.820",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/lbr: Filter vsyscall addresses\n\nWe found that a panic can occur when a vsyscall is made while LBR sampling\nis active. If the vsyscall is interrupted (NMI) for perf sampling, this\ncall sequence can occur (most recent at top):\n\n __insn_get_emulate_prefix()\n insn_get_emulate_prefix()\n insn_get_prefixes()\n insn_get_opcode()\n decode_branch_type()\n get_branch_type()\n intel_pmu_lbr_filter()\n intel_pmu_handle_irq()\n perf_event_nmi_handler()\n\nWithin __insn_get_emulate_prefix() at frame 0, a macro is called:\n\n peek_nbyte_next(insn_byte_t, insn, i)\n\nWithin this macro, this dereference occurs:\n\n (insn)->next_byte\n\nInspecting registers at this point, the value of the next_byte field is the\naddress of the vsyscall made, for example the location of the vsyscall\nversion of gettimeofday() at 0xffffffffff600000. The access to an address\nin the vsyscall region will trigger an oops due to an unhandled page fault.\n\nTo fix the bug, filtering for vsyscalls can be done when\ndetermining the branch type. This patch will return\na \"none\" branch if a kernel address if found to lie in the\nvsyscall region."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: perf/x86/lbr: Filtrar direcciones vsyscall Descubrimos que puede ocurrir un p\u00e1nico cuando se realiza una vsyscall mientras el muestreo LBR est\u00e1 activo. Si el VSYSCALL se interrumpe (NMI) para el muestreo de Perf, esta secuencia de llamadas puede ocurrir (m\u00e1s reciente en la parte superior): __insn_get_emulate_prefix () insn_get_emulate_prefix () insn_get_prefixes () insn_get_opcode () decode_branch_type () get_branch_type () _pmu_handle_irq () perf_event_nmi_handler ( ) Dentro de __insn_get_emulate_prefix() en el cuadro 0, se llama una macro: peek_nbyte_next(insn_byte_t, insn, i) Dentro de esta macro, se produce esta desreferencia: (insn)->next_byte Inspeccionando registros en este punto, el valor del campo next_byte es el direcci\u00f3n de vsyscall realizada, por ejemplo, la ubicaci\u00f3n de la versi\u00f3n vsyscall de gettimeofday() en 0xffffffffff600000. El acceso a una direcci\u00f3n en la regi\u00f3n vsyscall provocar\u00e1 un error debido a un error de p\u00e1gina no controlado. Para corregir el error, se puede filtrar por vsyscalls al determinar el tipo de rama. Este parche devolver\u00e1 una rama \"ninguna\" si se encuentra que una direcci\u00f3n del kernel se encuentra en la regi\u00f3n vsyscall."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52477.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52477",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:45.870",
"lastModified": "2024-02-29T06:15:45.870",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: hub: Guard against accesses to uninitialized BOS descriptors\n\nMany functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h\naccess fields inside udev->bos without checking if it was allocated and\ninitialized. If usb_get_bos_descriptor() fails for whatever\nreason, udev->bos will be NULL and those accesses will result in a\ncrash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000018\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1>\nHardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:hub_port_reset+0x193/0x788\nCode: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9\nRSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310\nRDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840\nRBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0\nCall Trace:\nhub_event+0x73f/0x156e\n? hub_activate+0x5b7/0x68f\nprocess_one_work+0x1a2/0x487\nworker_thread+0x11a/0x288\nkthread+0x13a/0x152\n? process_one_work+0x487/0x487\n? kthread_associate_blkcg+0x70/0x70\nret_from_fork+0x1f/0x30\n\nFall back to a default behavior if the BOS descriptor isn't accessible\nand skip all the functionalities that depend on it: LPM support checks,\nSuper Speed capabilitiy checks, U1/U2 states setup."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: hub: protege contra accesos a descriptores BOS no inicializados Muchas funciones en drivers/usb/core/hub.c y drivers/usb/core/hub.h acceden a los campos dentro de udev- &gt;bos sin verificar si fue asignado e inicializado. Si usb_get_bos_descriptor() falla por cualquier motivo, udev-&gt;bos ser\u00e1 NULL y esos accesos resultar\u00e1n en un bloqueo: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000018 PGD 0 P4D 0 Vaya: 0000 [#1] CPU PREEMPT SMP NOPTI : 5 PID: 17818 Comm: kworker/5:1 Tainted: GW 5.15.108-18910-gab0e1cb584e1 #1 Nombre de hardware: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 03/02/2021 Cola de trabajo : usb_hub_wq hub_event RIP: 0010:hub_port_reset+0x193/0x788 C\u00f3digo: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 &lt;48&gt; 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9 RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246 RAX: 000000 0000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310 RDX: ffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840 RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060 R10: 0000000000000001 R11: 00000000 00000000 R12: 0000000000000000 R13: ffffab740c53fd3e R14: 0000000000000032 R15: 00000000000000000 FS: 0000000000000000(0000) GS:ffffa1be965 40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0 Seguimiento de llamadas: hub_event+0x73f/0x156e ? hub_activate+0x5b7/0x68f proceso_one_work+0x1a2/0x487 trabajador_thread+0x11a/0x288 kthread+0x13a/0x152 ? proceso_one_work+0x487/0x487? kthread_associate_blkcg+0x70/0x70 ret_from_fork+0x1f/0x30 Vuelva a un comportamiento predeterminado si no se puede acceder al descriptor BOS y omita todas las funcionalidades que dependen de \u00e9l: comprobaciones de compatibilidad con LPM, comprobaciones de capacidad de supervelocidad, configuraci\u00f3n de estados U1/U2."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-524xx/CVE-2023-52478.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52478",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:45.920",
"lastModified": "2024-02-29T06:15:45.920",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-524xx/CVE-2023-52479.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52479",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:45.973",
"lastModified": "2024-02-29T06:15:45.973",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix uaf in smb20_oplock_break_ack\n\ndrop reference after use opinfo."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige uaf en smb20_oplock_break_ack elimina la referencia despu\u00e9s de usar opinfo."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52480.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52480",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:46.017",
"lastModified": "2024-02-29T06:15:46.017",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix race condition between session lookup and expire\n\n Thread A + Thread B\n ksmbd_session_lookup | smb2_sess_setup\n sess = xa_load |\n |\n | xa_erase(&conn->sessions, sess->id);\n |\n | ksmbd_session_destroy(sess) --> kfree(sess)\n |\n // UAF! |\n sess->last_active = jiffies |\n +\n\nThis patch add rwsem to fix race condition between ksmbd_session_lookup\nand ksmbd_expire_session."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: corrige la condici\u00f3n de ejecuci\u00f3n entre la b\u00fasqueda de sesi\u00f3n y la caducidad del subproceso A + subproceso B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&amp;conn-&gt;sesiones, sesi\u00f3n-&gt;id); | | ksmbd_session_destroy(sess) --&gt; kfree(sess) | // \u00a1UAF! | sess-&gt;last_active = jiffies | + Este parche agrega rwsem para corregir la condici\u00f3n de ejecuci\u00f3n entre ksmbd_session_lookup y ksmbd_expire_session."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52481.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52481",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:46.060",
"lastModified": "2024-02-29T06:15:46.060",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn't necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled)."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: errata: Agregar workaround de carga especulativa sin privilegios de Cortex-A520 Implementar la workaround para la errata 2966298 de ARM Cortex-A520. En un n\u00facleo Cortex-A520 afectado, una carga sin privilegios ejecutada especulativamente podr\u00eda filtrarse datos de una carga privilegiada a trav\u00e9s de un canal lateral de cach\u00e9. El problema s\u00f3lo existe para cargas dentro de un r\u00e9gimen de traducci\u00f3n con la misma traducci\u00f3n (por ejemplo, el mismo ASID y VMID). Por tanto, el problema s\u00f3lo afecta al retorno a EL0. La soluci\u00f3n es ejecutar un TLBI antes de regresar a EL0 despu\u00e9s de todas las cargas de datos privilegiados. Un TLBI que no se pueda compartir con cualquier direcci\u00f3n es suficiente. El workaround no es necesario si el aislamiento de la tabla de p\u00e1ginas (KPTI) est\u00e1 habilitado, pero por simplicidad lo ser\u00e1. El aislamiento de la tabla de p\u00e1ginas normalmente debe estar deshabilitado para Cortex-A520, ya que admite la funci\u00f3n CSV3 y la funci\u00f3n E0PD (utilizada cuando KASLR est\u00e1 habilitado)."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52482.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52482",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:46.103",
"lastModified": "2024-02-29T06:15:46.103",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/srso: Add SRSO mitigation for Hygon processors\n\nAdd mitigation for the speculative return stack overflow vulnerability\nwhich exists on Hygon processors too."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/srso: agregue mitigaci\u00f3n SRSO para procesadores Hygon. Agregue mitigaci\u00f3n para la vulnerabilidad de desbordamiento de pila de retorno especulativo que tambi\u00e9n existe en los procesadores Hygon."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52483.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52483",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:46.147",
"lastModified": "2024-02-29T06:15:46.147",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: perform route lookups under a RCU read-side lock\n\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\n\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\n\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\n\nBased on an analysis from Sili Luo <rootlab@huawei.com>, where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mctp: realiza b\u00fasquedas de rutas bajo un bloqueo del lado de lectura de RCU. Nuestras b\u00fasquedas de rutas actuales (mctp_route_lookup y mctp_route_lookup_null) atraviesan la lista de rutas de la red sin que se mantenga el bloqueo de lectura de RCU. Esto significa que la b\u00fasqueda de ruta est\u00e1 sujeta a preferencia, lo que resulta en una posible expiraci\u00f3n del per\u00edodo de gracia y, por lo tanto, en un eventual kfree() mientras todav\u00eda tenemos el puntero de ruta. Agregue los bloqueos de secci\u00f3n cr\u00edtica del lado de lectura adecuados alrededor de las b\u00fasquedas de rutas, evitando la preferencia y un posible kfree paralelo. Los accesos restantes a net-&gt;mctp.routes ya est\u00e1n bajo rcu_read_lock o protegidos por RTNL para actualizaciones. Basado en un an\u00e1lisis de Sili Luo , donde la introducci\u00f3n de un retraso en la b\u00fasqueda de rutas podr\u00eda causar una UAF en sendmsg() y eliminaci\u00f3n de rutas simult\u00e1neas."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-524xx/CVE-2023-52484.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52484",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:46.190",
"lastModified": "2024-02-29T06:15:46.190",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range\n\nWhen running an SVA case, the following soft lockup is triggered:\n--------------------------------------------------------------------\nwatchdog: BUG: soft lockup - CPU#244 stuck for 26s!\npstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\nlr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50\nsp : ffff8000d83ef290\nx29: ffff8000d83ef290 x28: 000000003b9aca00 x27: 0000000000000000\nx26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000\nx23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0\nx20: 0000000000000001 x19: ffff0000c6398080 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0\nx14: ffff3000b4a30888 x13: ffff3000b4a3cf60 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc08120e4d6bc\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000048cfa\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 000000000000000a\nx2 : 0000000080000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\n __arm_smmu_tlb_inv_range+0x118/0x254\n arm_smmu_tlb_inv_range_asid+0x6c/0x130\n arm_smmu_mm_invalidate_range+0xa0/0xa4\n __mmu_notifier_invalidate_range_end+0x88/0x120\n unmap_vmas+0x194/0x1e0\n unmap_region+0xb4/0x144\n do_mas_align_munmap+0x290/0x490\n do_mas_munmap+0xbc/0x124\n __vm_munmap+0xa8/0x19c\n __arm64_sys_munmap+0x28/0x50\n invoke_syscall+0x78/0x11c\n el0_svc_common.constprop.0+0x58/0x1c0\n do_el0_svc+0x34/0x60\n el0_svc+0x2c/0xd4\n el0t_64_sync_handler+0x114/0x140\n el0t_64_sync+0x1a4/0x1a8\n--------------------------------------------------------------------\n\nNote that since 6.6-rc1 the arm_smmu_mm_invalidate_range above is renamed\nto \"arm_smmu_mm_arch_invalidate_secondary_tlbs\", yet the problem remains.\n\nThe commit 06ff87bae8d3 (\"arm64: mm: remove unused functions and variable\nprotoypes\") fixed a similar lockup on the CPU MMU side. Yet, it can occur\nto SMMU too, since arm_smmu_mm_arch_invalidate_secondary_tlbs() is called\ntypically next to MMU tlb flush function, e.g.\n\ttlb_flush_mmu_tlbonly {\n\t\ttlb_flush {\n\t\t\t__flush_tlb_range {\n\t\t\t\t// check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t\tmmu_notifier_arch_invalidate_secondary_tlbs {\n\t\t\tarm_smmu_mm_arch_invalidate_secondary_tlbs {\n\t\t\t\t// does not check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t}\n\nClone a CMDQ_MAX_TLBI_OPS from the MAX_TLBI_OPS in tlbflush.h, since in an\nSVA case SMMU uses the CPU page table, so it makes sense to align with the\ntlbflush code. Then, replace per-page TLBI commands with a single per-asid\nTLBI command, if the request size hits this threshold."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu/arm-smmu-v3: Correcci\u00f3n del bloqueo suave activado por arm_smmu_mm_invalidate_range Cuando se ejecuta un caso SVA, se activa el siguiente bloqueo suave: ----------- -------------------------------------------------- ------- perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU#244 bloqueada durante 26 segundos! pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc: arm_smmu_cmdq_issue_cmdlist+0x178/0xa50 lr: arm_smmu_cmdq_issue_cmdlist+0x150/0xa50 sp: ffff8000d83ef290 x29: ffff8000 d83ef290 x28: 000000003b9aca00 x27: 0000000000000000 x26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000 x23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0 x20: 0000000000000001 x19: ffff0000c6398080 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0 x14: ffff3000b4a30888 x13: ffff3000 b4a3cf60 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9: ffffc08120e4d6bc x8: 0000000000000000 x7: 0000000000000000 x6: 0000000000048cfa x5: 00000000000000000 x4: 0000000000000001 x3: 0000000 00000000a x2: 0000000080000000 x1: 0000000000000000 x0: 0000000000000001 Rastreo de llamadas: arm_smmu_cmdq_issue_cmdlist+0x178/0xa50 __arm_smmu_tlb_inv_range+0x118/0x254 arm_smmu_tlb_inv_range_asid+0x6c/0x130 arm_smmu_mm_invalidate_range+0xa0/ 0xa4 __mmu_notifier_invalidate_range_end+0x88/0x120 unmap_vmas+0x194/0x1e0 unmap_region+0xb4/0x144 do_mas_align_munmap+0x290/0x490 do_mas_munmap+0xbc/0x124 __vm_munmap+0xa8/0x19c __arm64_sy s_munmap+0x28/0x50 invoke_syscall+0x78/0x11c el0_svc_common.constprop.0+0x58/0x1c0 do_el0_svc+0x34/0x60 el0_svc+0x2c/0xd4 el0t_64_sync_handler+0x114/0x140 el0t_64_sync+0x1a4/0x1a8 ------------------------------ -------------------------------------- Tenga en cuenta que desde 6.6-rc1 el nombre de arm_smmu_mm_invalidate_range anterior se cambia a \"arm_smmu_mm_arch_invalidate_secondary_tlbs\", pero el problema persiste. El commit 06ff87bae8d3 (\"arm64: mm: eliminar funciones no utilizadas y prototipos variables\") solucion\u00f3 un bloqueo similar en el lado de la MMU de la CPU. Sin embargo, tambi\u00e9n le puede ocurrir a SMMU, ya que arm_smmu_mm_arch_invalidate_ secondary_tlbs() se llama normalmente junto a la funci\u00f3n de descarga tlb de MMU, por ejemplo, tlb_flush_mmu_tlbonly { tlb_flush { __flush_tlb_range { // comprobar MAX_TLBI_OPS } } mmu_notifier_arch_invalidate_ secondary_tlbs { arm_smmu_mm_arch_invalidate_segundo ary_tlbs { // no marca MAX_TLBI_OPS } } } Clonar un CMDQ_MAX_TLBI_OPS de MAX_TLBI_OPS en tlbflush.h, ya que en un caso SVA SMMU usa la tabla de p\u00e1ginas de la CPU, por lo que tiene sentido alinearse con el c\u00f3digo tlbflush. Luego, reemplace los comandos TLBI por p\u00e1gina con un \u00fanico comando TLBI por asid, si el tama\u00f1o de la solicitud alcanza este umbral."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-56xx/CVE-2023-5617.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5617",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2024-02-28T23:15:08.260",
"lastModified": "2024-02-28T23:15:08.260",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-60xx/CVE-2023-6090.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6090",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-29T06:15:46.237",
"lastModified": "2024-02-29T06:15:46.237",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.\n\n"
},
{
"lang": "es",
"value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Mollie Mollie Payments para WooCommerce. Este problema afecta a Mollie Payments para WooCommerce: desde n/a hasta 7.3.11."
}
],
"metrics": {

4
CVE-2023/CVE-2023-62xx/CVE-2023-6247.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6247",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-02-29T01:42:34.380",
"lastModified": "2024-02-29T01:42:34.380",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-65xx/CVE-2023-6565.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6565",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:42:39.890",
"lastModified": "2024-02-29T01:42:39.890",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-68xx/CVE-2023-6806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6806",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:42:45.657",
"lastModified": "2024-02-29T01:42:45.657",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-68xx/CVE-2023-6881.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6881",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2024-02-29T01:42:46.890",
"lastModified": "2024-02-29T01:42:46.890",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-69xx/CVE-2023-6917.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6917",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-28T15:15:07.867",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-378"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6917",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983",
"source": "secalert@redhat.com"
}
]
}

4
CVE-2023/CVE-2023-69xx/CVE-2023-6923.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6923",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:42:49.007",
"lastModified": "2024-02-29T01:42:49.007",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7105",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T01:42:53.353",
"lastModified": "2024-02-29T01:42:53.353",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7106",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T01:42:53.563",
"lastModified": "2024-02-29T01:42:53.563",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7107",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T01:42:53.770",
"lastModified": "2024-02-29T01:42:53.770",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7108.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7108",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T01:42:53.997",
"lastModified": "2024-02-29T01:42:53.997",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7109",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T01:42:54.193",
"lastModified": "2024-02-29T01:42:54.193",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-71xx/CVE-2023-7110.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7110",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T01:42:54.400",
"lastModified": "2024-02-29T01:42:54.400",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-72xx/CVE-2023-7207.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7207",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-02-29T01:42:59.920",
"lastModified": "2024-02-29T01:42:59.920",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-03xx/CVE-2024-0379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0379",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:10.100",
"lastModified": "2024-02-29T01:43:10.100",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-04xx/CVE-2024-0438.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0438",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:11.853",
"lastModified": "2024-02-29T01:43:11.853",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-04xx/CVE-2024-0442.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0442",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:12.037",
"lastModified": "2024-02-29T01:43:12.037",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0506.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0506",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:17.420",
"lastModified": "2024-02-29T01:43:17.420",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0512.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0512",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:17.710",
"lastModified": "2024-02-29T01:43:17.710",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0513.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0513",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:17.860",
"lastModified": "2024-02-29T01:43:17.860",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0514.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0514",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:18.027",
"lastModified": "2024-02-29T01:43:18.027",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0515.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0515",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:18.197",
"lastModified": "2024-02-29T01:43:18.197",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0516.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0516",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:18.350",
"lastModified": "2024-02-29T01:43:18.350",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:29.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-05xx/CVE-2024-0560.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0560",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-28T17:15:08.340",
"lastModified": "2024-02-28T17:15:08.340",
"vulnStatus": "Received",
"lastModified": "2024-02-29T13:49:47.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

Some files were not shown because too many files have changed in this diff Show More