Auto-Update: 2024-02-16T15:00:30.142846+00:00

cad-safe-bot 2024-02-16 15:00:33 +00:00
parent 13072676f5
commit ed25c60730
93 changed files with 1673 additions and 303 deletions


@ -2,7 +2,7 @@
"id": "CVE-2001-1559",
"sourceIdentifier": "cve@mitre.org",
"published": "2001-12-31T05:00:00.000",
"lastModified": "2008-09-05T20:26:51.607",
"lastModified": "2024-02-16T14:16:33.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-476"
}
]
}
@ -76,6 +98,7 @@
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
@ -83,12 +106,16 @@
"url": "http://monkey.org/openbsd/archive/tech/0112/msg00015.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "http://www.iss.net/security_center/static/7690.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2005-4868",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-12-31T05:00:00.000",
"lastModified": "2017-08-17T01:29:02.067",
"vulnStatus": "Modified",
"lastModified": "2024-02-16T14:10:26.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,13 +66,14 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -58,23 +81,34 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2_universal_database:7.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "BE7D9100-F344-49B7-A542-2A7035FBFF41"
"criteria": "cpe:2.3:a:ibm:db2_universal_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE601D37-E6DD-429D-B17F-25E9B6090CCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2_universal_database:7.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "6EBDEDDF-DBBA-4CD9-8CDE-5182246936D0"
"criteria": "cpe:2.3:a:ibm:db2_universal_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE58350C-327B-4D34-9980-299537134CEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2_universal_database:8.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "39F9063B-982D-46C0-BE50-57DAE0F83174"
"criteria": "cpe:2.3:a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06038A2B-9391-48D8-92DF-073B27017C41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2_universal_database:8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "620663C7-8AA1-430F-AF00-32F5EF7C65B6"
"criteria": "cpe:2.3:a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2B937D-F6F7-49E5-A58C-CE455A986F9A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
@ -84,22 +118,50 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=110495402231836&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://secunia.com/advisories/12733/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.nextgenss.com/advisories/db205012005F.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "http://www.securityfocus.com/bid/11402",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17605",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
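Review bot: The four `db2_universal_database` criteria no longer carry `windows` in the target-software field, so the platform restriction now exists only in the sibling node `cpe:2.3:o:microsoft:windows:-` with `"vulnerable": false`, joined by `"operator": "AND"`. A consumer that collects `cpeMatch` entries with `"vulnerable": true` without evaluating the enclosing AND would now report DB2 7.1 through 8.1 on every platform. Matching code that reads this record should treat the configuration as satisfied only when both nodes match. Part of the `configurations` block lies between hunks and is not visible here.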


@ -2,7 +2,7 @@
"id": "CVE-2015-7501",
"sourceIdentifier": "secalert@redhat.com",
"published": "2017-11-09T17:29:00.203",
"lastModified": "2020-07-15T03:15:12.277",
"lastModified": "2024-02-16T13:15:08.013",
"vulnStatus": "Modified",
"descriptions": [
{
@ -319,6 +319,10 @@
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"source": "secalert@redhat.com"


@ -2,7 +2,7 @@
"id": "CVE-2020-1745",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-04-28T15:15:13.037",
"lastModified": "2023-11-07T03:19:32.400",
"lastModified": "2024-02-16T13:15:09.207",
"vulnStatus": "Modified",
"descriptions": [
{
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -95,7 +95,7 @@
]
},
{
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@ -139,6 +139,10 @@
"Not Applicable"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0011/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.cnvd.org.cn/webinfo/show/5415",
"source": "secalert@redhat.com",


@ -1,9 +1,9 @@
{
"id": "CVE-2022-0900",
"sourceIdentifier": "cve@usom.gov.tr",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2022-05-23T14:16:26.247",
"lastModified": "2023-09-07T09:15:07.567",
"vulnStatus": "Modified",
"lastModified": "2024-02-16T13:59:33.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
@ -126,7 +126,7 @@
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0375",
"source": "cve@usom.gov.tr",
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]


@ -2,8 +2,8 @@
"id": "CVE-2022-41678",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-28T16:15:06.840",
"lastModified": "2023-12-04T19:08:39.233",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-16T13:15:09.380",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -98,6 +98,10 @@
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0004/",
"source": "security@apache.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-45047",
"sourceIdentifier": "security@apache.org",
"published": "2022-11-16T09:15:14.320",
"lastModified": "2023-11-07T03:54:29.477",
"lastModified": "2024-02-16T13:15:09.513",
"vulnStatus": "Modified",
"descriptions": [
{
@ -50,7 +50,7 @@
]
},
{
"source": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
@ -79,6 +79,10 @@
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0008/",
"source": "security@apache.org"
},
{
"url": "https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html",
"source": "security@apache.org"


@ -2,12 +2,16 @@
"id": "CVE-2023-38525",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.723",
"lastModified": "2023-11-14T11:15:10.190",
"vulnStatus": "Modified",
"lastModified": "2024-02-16T14:15:06.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Parasolid V34.1 (Todas las versiones inferiores a V34.1.258), Parasolid V35.0 (Todas las versiones inferiores a V35.0.254), Parasolid V35.1 (Todas las versiones inferiores a V35.1. 171), Teamcenter Visualization V14.1 (Todas las versiones inferiores a V14.1.0.11), Teamcenter Visualization V14.2 (Todas las versiones inferiores a V14.2.0.6), Teamcenter Visualization V14.3 (Todas las versiones inferiores a V14.3.0.3). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada al analizar archivos X_T especialmente dise\u00f1ados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {
@ -104,6 +108,13 @@
"versionEndExcluding": "35.1.171",
"matchCriteriaId": "EA7FF725-2396-492A-8B97-CA77B4EFCC48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1",
"versionEndExcluding": "14.1.0.11",
"matchCriteriaId": "9EF3388B-D057-4DB9-96AE-B6F4678FE5B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
@ -113,13 +124,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F859B7F9-2AD8-4B2E-9E26-7DEE54160348"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8048B948-FD64-44FA-B5C3-52966997A1A4"
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.3",
"versionEndExcluding": "14.3.0.3",
"matchCriteriaId": "99F0D457-7D65-40DC-BCFA-339FA5648709"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-38526",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.817",
"lastModified": "2023-11-14T11:15:10.290",
"vulnStatus": "Modified",
"lastModified": "2024-02-16T14:15:33.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Parasolid V34.1 (Todas las versiones inferiores a V34.1.258), Parasolid V35.0 (Todas las versiones inferiores a V35.0.254), Parasolid V35.1 (Todas las versiones inferiores a V35.1. 171), Teamcenter Visualization V14.1 (Todas las versiones inferiores a V14.1.0.11), Teamcenter Visualization V14.2 (Todas las versiones inferiores a V14.2.0.6), Teamcenter Visualization V14.3 (Todas las versiones inferiores a V14.3.0.3). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada al analizar archivos X_T especialmente dise\u00f1ados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {
@ -104,6 +108,13 @@
"versionEndExcluding": "35.1.171",
"matchCriteriaId": "EA7FF725-2396-492A-8B97-CA77B4EFCC48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1",
"versionEndExcluding": "14.1.0.11",
"matchCriteriaId": "9EF3388B-D057-4DB9-96AE-B6F4678FE5B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
@ -113,13 +124,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F859B7F9-2AD8-4B2E-9E26-7DEE54160348"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8048B948-FD64-44FA-B5C3-52966997A1A4"
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.3",
"versionEndExcluding": "14.3.0.3",
"matchCriteriaId": "99F0D457-7D65-40DC-BCFA-339FA5648709"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39418",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.963",
"lastModified": "2023-12-20T15:15:09.200",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-16T13:57:03.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -107,24 +107,51 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7785",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7883",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7884",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7885",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39418",
@ -152,11 +179,17 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0002/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5553",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-39418/",


@ -2,12 +2,16 @@
"id": "CVE-2023-40057",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-15T21:15:08.247",
"lastModified": "2024-02-15T21:15:08.247",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-40093",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:49.963",
"lastModified": "2024-02-16T02:15:49.963",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En archivos m\u00faltiples, existe una forma posible de que el contenido recortado se incluya en la salida PDF debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40100",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:07.743",
"lastModified": "2024-02-15T23:15:07.743",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En Discovery_thread de Dns64Configuration.cpp, existe una posible corrupci\u00f3n de memoria debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40104",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.017",
"lastModified": "2024-02-15T23:15:08.017",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En los certificados ca, existe una forma posible de leer datos TLS cifrados debido a certificados criptogr\u00e1ficos que no son de confianza. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40105",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.083",
"lastModified": "2024-02-15T23:15:08.083",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En backupAgentCreated de ActivityManagerService.java, existe una forma posible de filtrar datos confidenciales debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40106",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.137",
"lastModified": "2024-02-15T23:15:08.137",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En sanitizeSbn de NotificationManagerService.java, existe una forma posible de iniciar una actividad desde segundo plano debido a BAL Bypass. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40107",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.197",
"lastModified": "2024-02-15T23:15:08.197",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ARTPWriter de ARTPWriter.cpp, existe un posible use after free debido a datos no inicializados. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40109",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.260",
"lastModified": "2024-02-15T23:15:08.260",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En createFromParcel de UsbConfiguration.java, existe un posible inicio de actividad en segundo plano (BAL) debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40110",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.420",
"lastModified": "2024-02-15T23:15:08.420",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En m\u00faltiples funciones de MtpPacket.cpp, existe una posible escritura fuera de los l\u00edmites debido a un MtpPacket.cpp. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
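Review bot: The added `es` description reads `debido a un MtpPacket.cpp`, repeating the file name where the English text gives the cause, `due to a heap buffer overflow`. Anyone triaging from the Spanish text loses the weakness class for CVE-2023-40110. The phrase should name the overflow, for example `debido a un desbordamiento del b\u00fafer de almacenamiento din\u00e1mico`. If this file mirrors an upstream feed, the correction presumably has to be made there rather than in this repository.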


@ -2,12 +2,16 @@
"id": "CVE-2023-40111",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.487",
"lastModified": "2024-02-15T23:15:08.487",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En setMediaButtonReceiver de MediaSessionRecord.java, existe una forma posible de enviar un intent pendiente en nombre de system_server debido a un diputado confundido. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40112",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.543",
"lastModified": "2024-02-15T23:15:08.543",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ippSetValueTag de ipp.c, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local de trabajos de impresi\u00f3n anteriores u otra informaci\u00f3n relacionada con la impresi\u00f3n, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40113",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.597",
"lastModified": "2024-02-15T23:15:08.597",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En varias ubicaciones, existe una forma posible para que las aplicaciones accedan a datos de mensajes entre usuarios debido a una falta de verificaci\u00f3n de permiso. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40114",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.647",
"lastModified": "2024-02-15T23:15:08.647",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En m\u00faltiples funciones de MtpFfsHandle.cpp, existe una posible escritura fuera de los l\u00edmites debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40115",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.693",
"lastModified": "2024-02-15T23:15:08.693",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En readLogs de StatsService.cpp, existe una posible corrupci\u00f3n de memoria debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40122",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.513",
"lastModified": "2024-02-16T02:15:50.513",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En applyCustomDescription de SaveUi.java, existe una forma posible de ver las im\u00e1genes de otros usuarios debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-40124",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.743",
"lastModified": "2024-02-15T23:15:08.743",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En varias ubicaciones, existe una posible lectura entre usuarios debido a un agente confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local de fotograf\u00edas u otras im\u00e1genes sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2023-4001",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T11:15:08.270",
"lastModified": "2024-02-05T04:15:07.793",
"lastModified": "2024-02-16T13:15:09.737",
"vulnStatus": "Modified",
"descriptions": [
{
@ -181,6 +181,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHLZQ47HM64NDOHMHYO7VIJFYD5ZPPYN/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0006/",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41032",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-09-12T10:15:29.690",
"lastModified": "2024-02-02T06:15:44.910",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-16T14:25:44.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -94,6 +94,20 @@
"versionStartIncluding": "36.0",
"versionEndExcluding": "36.0.142",
"matchCriteriaId": "B2873D5B-2501-4B02-8B68-347B69FC8D43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2301.0",
"versionEndExcluding": "2301.0003",
"matchCriteriaId": "FC710071-C7AC-4ED0-9550-5FBE8FCD37AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2306.0",
"versionEndExcluding": "2306.0001",
"matchCriteriaId": "8E84C2D3-EF31-46E9-884A-7EB00B515D23"
}
]
}
@ -110,11 +124,17 @@
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.bentley.com/advisories/be-2023-0004/",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41033",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-09-12T10:15:29.783",
"lastModified": "2023-11-14T11:15:11.207",
"vulnStatus": "Modified",
"lastModified": "2024-02-16T14:21:36.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -77,6 +77,20 @@
"versionStartIncluding": "36.0",
"versionEndExcluding": "36.0.156",
"matchCriteriaId": "2B357683-F73D-47E7-9750-95D1018D035B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2301.0",
"versionEndExcluding": "2301.0003",
"matchCriteriaId": "FC710071-C7AC-4ED0-9550-5FBE8FCD37AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2306.0",
"versionEndExcluding": "2306.0001",
"matchCriteriaId": "8E84C2D3-EF31-46E9-884A-7EB00B515D23"
}
]
}
@ -93,7 +107,10 @@
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-41703",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-02-12T09:15:10.480",
"lastModified": "2024-02-14T17:15:09.070",
"lastModified": "2024-02-16T14:15:07.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,14 +51,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html",
"source": "security@open-xchange.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/10",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-41704",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-02-12T09:15:10.697",
"lastModified": "2024-02-14T17:15:09.167",
"lastModified": "2024-02-16T14:15:07.930",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,14 +51,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html",
"source": "security@open-xchange.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/10",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-41705",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-02-12T09:15:10.880",
"lastModified": "2024-02-14T17:15:09.240",
"lastModified": "2024-02-16T14:15:08.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -38,15 +38,19 @@
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html",
"source": "security@open-xchange.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/10",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-41706",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-02-12T09:15:11.073",
"lastModified": "2024-02-14T17:15:09.317",
"lastModified": "2024-02-16T14:15:08.103",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,14 +51,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html",
"source": "security@open-xchange.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/10",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-41707",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-02-12T09:15:11.253",
"lastModified": "2024-02-14T17:15:09.390",
"lastModified": "2024-02-16T14:15:08.187",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,14 +51,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html",
"source": "security@open-xchange.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/10",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-41708",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-02-12T09:15:11.470",
"lastModified": "2024-02-14T17:15:09.467",
"lastModified": "2024-02-16T14:15:08.263",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,14 +51,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html",
"source": "security@open-xchange.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/10",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json",
"source": "security@open-xchange.com"


@ -2,12 +2,16 @@
"id": "CVE-2023-45860",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T10:15:08.080",
"lastModified": "2024-02-16T10:15:08.080",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem."
},
{
"lang": "es",
"value": "En Hazelcast Platform hasta 5.3.4, existe un problema de seguridad dentro de la asignaci\u00f3n SQL para el conector de origen de archivos CSV. Este problema surge de una verificaci\u00f3n inadecuada de permisos, que podr\u00eda permitir que clientes no autorizados accedan a datos de archivos almacenados en el sistema de archivos de un miembro."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-49238",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.837",
"lastModified": "2024-01-16T15:24:35.707",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-16T13:15:09.633",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -82,6 +82,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0003/",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-49508",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T08:15:39.767",
"lastModified": "2024-02-16T08:15:39.767",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en YetiForceCompany YetiForceCRM versiones 6.4.0 y anteriores permite a un atacante autenticado remoto obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro de licencia en el componente LibraryLicense.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-51931",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T09:15:08.247",
"lastModified": "2024-02-16T09:15:08.247",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function."
},
{
"lang": "es",
"value": "Un problema en alanclarke URLite v.3.1.0 permite a un atacante provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un payload manipulado para la funci\u00f3n de an\u00e1lisis."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2023-6123",
"sourceIdentifier": "security@opentext.com",
"published": "2024-02-15T21:15:08.500",
"lastModified": "2024-02-15T21:15:08.500",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization vulnerability affects OpenText ALM Octane\u00a0version 16.2.100 and above.\u00a0The vulnerability could result in a remote code execution attack. \n\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada afecta a OpenText ALM Octane versi\u00f3n 16.2.100 y superiores. La vulnerabilidad podr\u00eda resultar en un ataque de ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-6129",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2024-01-09T17:15:12.147",
"lastModified": "2024-01-23T21:32:01.973",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-16T13:15:09.910",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0009/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20240109.txt",
"source": "openssl-security@openssl.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-6246",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T14:15:48.420",
"lastModified": "2024-02-15T20:00:45.203",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-16T13:15:10.023",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -190,6 +190,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6",
"source": "secalert@redhat.com",


@ -2,12 +2,16 @@
"id": "CVE-2023-6451",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2024-02-16T04:15:08.090",
"lastModified": "2024-02-16T04:15:08.090",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.\n"
},
{
"lang": "es",
"value": "La clave de m\u00e1quina criptogr\u00e1fica conocida p\u00fablicamente en el Portal Procura de AlayaCare anterior a 9.0.1.2 permite a los atacantes falsificar sus propias cookies de autenticaci\u00f3n y eludir los mecanismos de autenticaci\u00f3n de la aplicaci\u00f3n."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-0014",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.580",
"lastModified": "2024-02-16T02:15:50.580",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En startInstall de UpdateFetcher.java, existe una forma posible de activar una actualizaci\u00f3n de configuraci\u00f3n maliciosa debido a un error l\u00f3gico. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0029",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.633",
"lastModified": "2024-02-16T02:15:50.633",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En varios archivos, existe una forma posible de capturar la pantalla del dispositivo cuando la pol\u00edtica del dispositivo no lo permite debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0030",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.710",
"lastModified": "2024-02-16T02:15:50.710",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En btif_to_bta_response de btif_gatt_util.cc, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0031",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.763",
"lastModified": "2024-02-16T02:15:50.763",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En attp_build_read_by_type_value_cmd de att_protocol.cc, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0032",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.823",
"lastModified": "2024-02-16T02:15:50.823",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation."
},
{
"lang": "es",
"value": "En queryChildDocuments de FileSystemProvider.java, existe una forma posible de solicitar acceso a directorios que deber\u00edan estar ocultos debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0033",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.877",
"lastModified": "2024-02-16T02:15:50.877",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En m\u00faltiples funciones de ashmem-dev.cpp, es posible que falte un sello debido a un ashmem-dev.cpp. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0034",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.933",
"lastModified": "2024-02-16T02:15:50.933",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En BackgroundLaunchProcessController, existe una forma posible de iniciar actividad arbitraria desde segundo plano debido a BAL Bypass. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0035",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.980",
"lastModified": "2024-02-16T02:15:50.980",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En onNullBinding de TileLifecycleManager.java, existe una forma posible de iniciar una actividad desde segundo plano debido a que falta una verificaci\u00f3n nula. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0036",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:51.047",
"lastModified": "2024-02-16T02:15:51.047",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En startNextMatchingActivity de ActivityTaskManagerService.java, existe una forma posible de evitar las restricciones para iniciar actividades desde segundo plano debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0037",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:51.097",
"lastModified": "2024-02-16T02:15:51.097",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En applyCustomDescription de SaveUi.java, existe una forma posible de ver im\u00e1genes que pertenecen a un usuario diferente debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0038",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:51.157",
"lastModified": "2024-02-16T02:15:51.157",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En injectInputEventToInputFilter de AccessibilityManagerService.java, existe una posible inyecci\u00f3n de evento de entrada arbitraria debido a una falta de verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0040",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:51.203",
"lastModified": "2024-02-16T02:15:51.203",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En setParameter de MtpPacket.cpp, existe una posible lectura fuera de los l\u00edmites debido a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-0041",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:51.253",
"lastModified": "2024-02-16T02:15:51.253",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En removePersistentDot de SystemStatusAnimationSchedulerImpl.kt, existe una posible condici\u00f3n de ejecuci\u00f3n debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios que no elimine el punto persistente sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},


@ -2,16 +2,40 @@
"id": "CVE-2024-0168",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:10.330",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:40:44.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos en la utilidad svc_oscheck. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que le permitir\u00eda inyectar comandos arbitrarios del sistema operativo. Esta vulnerabilidad permite a un atacante autenticado ejecutar comandos con privilegios de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-0240",
"sourceIdentifier": "product-security@silabs.com",
"published": "2024-02-15T21:15:08.673",
"lastModified": "2024-02-15T21:15:08.673",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop."
},
{
"lang": "es",
"value": "Una p\u00e9rdida de memoria en la pila Bluetooth de Silicon Labs para productos EFR32 puede provocar que la memoria se agote al enviar notificaciones a varios clientes, lo que provoca que se detengan todas las operaciones de Bluetooth, como la publicidad y el escaneo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-0622",
"sourceIdentifier": "security@opentext.com",
"published": "2024-02-15T21:15:08.860",
"lastModified": "2024-02-15T21:15:08.860",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on no-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de escalada de privilegios local afecta las versiones 12.15 y 12.20-12.25 del producto OpenText Operations Agent cuando se instala en plataformas que no son Windows. La vulnerabilidad podr\u00eda permitir una escalada de privilegios locales."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2024-1404",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-09T23:15:08.243",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:53:05.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Linksys WRT54GL 4.30.18 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /SysInfo.htm del componente Web Management Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-253328. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,58 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1",
"source": "cna@vuldb.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1173CC78-A954-4989-A72C-CF349C7BC4D2"
}
]
},
{
"url": "https://vuldb.com/?ctiid.253328",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.253328",
"source": "cna@vuldb.com"
"vulnerable": false,
"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.253328",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.253328",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1405",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-10T06:15:46.170",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:42:24.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys WRT54GL 4.30.18. Ha sido clasificada como problem\u00e1tica. Una parte desconocida del archivo /wlaninfo.htm del componente Web Management Interface afecta a una parte desconocida. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-253329. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,58 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2",
"source": "cna@vuldb.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1173CC78-A954-4989-A72C-CF349C7BC4D2"
}
]
},
{
"url": "https://vuldb.com/?ctiid.253329",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.253329",
"source": "cna@vuldb.com"
"vulnerable": false,
"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.253329",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.253329",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21490",
"sourceIdentifier": "report@snyk.io",
"published": "2024-02-10T05:15:08.650",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:42:54.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \r\r\r**Note:**\r\rThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core)."
},
{
"lang": "es",
"value": "Esto afecta a las versiones del paquete angular desde 1.3.0. Una expresi\u00f3n regular utilizada para dividir el valor de la directiva ng-srcset es vulnerable a un tiempo de ejecuci\u00f3n superlineal debido al retroceso. Con una gran cantidad de informaci\u00f3n cuidadosamente elaborada, esto puede resultar en un retroceso catastr\u00f3fico y provocar una denegaci\u00f3n de servicio. **Nota:** Este paquete est\u00e1 en EOL y no recibir\u00e1 ninguna actualizaci\u00f3n para solucionar este problema. Los usuarios deben migrar a [@angular/core](https://www.npmjs.com/package/@angular/core)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
"source": "report@snyk.io"
},
"nodes": [
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos",
"source": "report@snyk.io"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "1.3.0",
"matchCriteriaId": "4615CD79-CE8C-46FF-B9CC-633B2AD05D26"
}
]
}
]
}
],
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-21624",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:08.553",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:52:53.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template."
},
{
"lang": "es",
"value": "nonebot2 es un framework de chatbot asincr\u00f3nico de Python multiplataforma escrito en Python. Este aviso de seguridad se refiere a una posible fuga de informaci\u00f3n (por ejemplo, variables de entorno) en casos en los que los desarrolladores utilizan \"MessageTemplate\" e incorporan datos proporcionados por el usuario en plantillas. La vulnerabilidad identificada se solucion\u00f3 en la solicitud de extracci\u00f3n n.\u00b0 2509 y se incluir\u00e1 en las versiones lanzadas a partir de la 2.2.0. Se recomienda encarecidamente a los usuarios que actualicen a estas versiones parcheadas para protegerse contra la vulnerabilidad. Una soluci\u00f3n temporal implica filtrar los guiones bajos antes de incorporar la entrada del usuario en la plantilla del mensaje."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,95 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/nonebot/nonebot2/pull/2509",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.1",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "48D76A37-92D4-435B-8E50-798D10E7E452"
},
{
"url": "https://github.com/nonebot/nonebot2/security/advisories/GHSA-59j8-776v-xxxg",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "465F6B52-66C6-4227-9EDE-CE2B532DF86F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:alpha16:*:*:*:*:*:*",
"matchCriteriaId": "E33D41DF-25CA-475D-A068-ABB2BB8F0756"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6C2A7A44-E383-4FC5-9471-7F7D142EE5B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "97E334E2-1BBD-49F4-9DB6-6030539246B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "A73B180B-3EC8-4050-8E2F-F879097D5349"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A4940243-0FAD-46CB-83AD-28D131B0C33D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "882E455A-7665-4E87-A000-24F3BAD30574"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3735223E-557B-4B99-849F-EA965A478B12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4AE1E1EC-D01B-41ED-8268-2725C67E92EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "00EAA913-619A-4999-866C-BC7F44E84FA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nonebot:nonebot:2.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E3411B5D-14F4-4BA0-AF2A-CBF789F5BEE9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nonebot/nonebot2/pull/2509",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/nonebot/nonebot2/security/advisories/GHSA-59j8-776v-xxxg",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-21728",
"sourceIdentifier": "security@joomla.org",
"published": "2024-02-15T21:15:09.220",
"lastModified": "2024-02-15T21:15:09.220",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Open Redirect en osTicky2 inferior a 2.2.8. osTicky (osTicket Bridge) de SmartCalc es una extensi\u00f3n de Joomla 3.x que proporciona integraci\u00f3n frontal de Joomla con osTicket, un popular sistema de tickets de soporte. La vulnerabilidad Open Redirect permite a los atacantes controlar el par\u00e1metro de retorno en la URL a una URL maliciosa base64."
}
],
"metrics": {},


@ -2,7 +2,7 @@
"id": "CVE-2024-21733",
"sourceIdentifier": "security@apache.org",
"published": "2024-01-19T11:15:08.043",
"lastModified": "2024-02-01T17:15:10.543",
"lastModified": "2024-02-16T13:15:10.190",
"vulnStatus": "Modified",
"descriptions": [
{
@ -183,6 +183,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0005/",
"source": "security@apache.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22207",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-15T16:15:13.437",
"lastModified": "2024-01-23T19:40:46.420",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-16T13:15:10.320",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0002/",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22221",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.043",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:40:34.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n SQL. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la exposici\u00f3n de informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22222",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:11.283",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:40:22.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo dentro de su utilidad svc_udoctor. Un usuario malintencionado autenticado con acceso local podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicaci\u00f3n, con los privilegios de la aplicaci\u00f3n vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22226",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-12T19:15:12.130",
"lastModified": "2024-02-12T20:39:09.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:55:08.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.\n\n"
},
{
"lang": "es",
"value": "Dell Unity, versiones anteriores a la 5.4, contienen una vulnerabilidad de path traversal en su utilidad svc_supportassist. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad para obtener acceso de escritura no autorizado a los archivos almacenados en el sistema de archivos del servidor, con privilegios elevados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.0.0.5.094",
"matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-22425",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-16T12:15:07.757",
"lastModified": "2024-02-16T12:15:07.757",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.\n\n"
},
{
"lang": "es",
"value": "Dell RecoverPoint for Virtual Machines 5.3.x contiene una vulnerabilidad de ataque de fuerza bruta/diccionario. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a lanzar un ataque de fuerza bruta o un ataque de diccionario contra el formulario de inicio de sesi\u00f3n de RecoverPoint. Esto permite a los atacantes forzar la contrase\u00f1a de usuarios v\u00e1lidos de forma automatizada."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-22426",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-16T12:15:08.537",
"lastModified": "2024-02-16T12:15:08.537",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote\nattacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.\n\n"
},
{
"lang": "es",
"value": "Dell RecoverPoint for Virtual Machines 5.3.x contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a ejecutar comandos arbitrarios del sistema operativo, que se ejecutar\u00e1n en el contexto del usuario ra\u00edz, lo que comprometer\u00eda completamente el sistema."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-22854",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T09:15:08.533",
"lastModified": "2024-02-16T09:15:08.533",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de inyecci\u00f3n de HTML basada en DOM en la p\u00e1gina principal de Darktrace Threat Visualizer versi\u00f3n 6.1.27 (versi\u00f3n del paquete 61050) y anteriores. Una URL, creada por un atacante remoto y visitada por un usuario autenticado, permite la redirecci\u00f3n abierta y el posible robo de credenciales mediante un formulario HTML inyectado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-23476",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-15T21:15:09.353",
"lastModified": "2024-02-15T21:15:09.353",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite que un usuario no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-23477",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-15T21:15:09.603",
"lastModified": "2024-02-15T21:15:09.603",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-23478",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-15T21:15:09.867",
"lastModified": "2024-02-15T21:15:09.867",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-23479",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-15T21:15:10.213",
"lastModified": "2024-02-15T21:15:10.213",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Access Rights Manager (ARM) era susceptible a una vulnerabilidad de Directory Traversal Remote Code Execution. Si se explota, esta vulnerabilidad permite a un usuario no autenticado lograr una ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {


@ -2,16 +2,40 @@
"id": "CVE-2024-23514",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:09.010",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:42:03.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en ClickToTweet.Com Click To Tweet permite almacenar XSS. Este problema afecta a Click To Tweet: desde n/a hasta 2.0.14."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/click-to-tweet/wordpress-click-to-tweet-plugin-2-0-14-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clicktotweet:click_to_tweet:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.14",
"matchCriteriaId": "61ADAD7A-FBC3-44FC-94DA-FF1641BD1099"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/click-to-tweet/wordpress-click-to-tweet-plugin-2-0-14-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23516",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:09.203",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:41:48.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through 2.0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Calculators World CC BMI Calculator permite almacenar XSS. Este problema afecta a CC BMI Calculator: desde n/a hasta 2.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/cc-bmi-calculator/wordpress-cc-bmi-calculator-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:calculatorsworld:cc_bmi_calculator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "E1D99F25-5BC9-4AF1-943D-FC7460897B3A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cc-bmi-calculator/wordpress-cc-bmi-calculator-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T09:15:09.393",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:41:33.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin \u2013 Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin \u2013 Online Booking for WordPress: from n/a through 3.5.10.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Start Booking Scheduling Plugin \u2013 Online Booking for WordPress permite almacenar XSS. Este problema afecta a Scheduling Plugin \u2013 Online Booking for WordPress: desde n/a hasta 3.5.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/calendar-booking/wordpress-scheduling-plugin-online-booking-for-wordpress-plugin-3-5-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:startbooking:scheduling_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5.10",
"matchCriteriaId": "2199F934-B915-433F-80B2-98FBD2306A3F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/calendar-booking/wordpress-scheduling-plugin-online-booking-for-wordpress-plugin-3-5-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23639",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T01:15:09.867",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:53:20.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Micronaut Framework es un framework Java moderno, de pila completa y basado en JVM, manipulado para crear aplicaciones JVM modulares y f\u00e1cilmente comprobables con soporte para Java, Kotlin y el lenguaje Groovy. Los endpoints de administraci\u00f3n habilitados pero no seguros son susceptibles a ataques de host local. Si bien no son t\u00edpicos de una aplicaci\u00f3n de producci\u00f3n, estos ataques pueden tener un mayor impacto en un entorno de desarrollo donde dichos endpoints pueden activarse sin pensarlo mucho. Un sitio web malicioso o comprometido puede realizar solicitudes HTTP a \"localhost\". Normalmente, dichas solicitudes desencadenar\u00edan una verificaci\u00f3n previa de CORS que impedir\u00eda la solicitud; sin embargo, algunas solicitudes son \"simples\" y no requieren una verificaci\u00f3n previa. Estos endpoints, si est\u00e1n habilitados y no protegidos, son vulnerables a ser activados. Los entornos de producci\u00f3n normalmente desactivan los endpoints no utilizados y protegen/restringen el acceso a los endpoints necesarios. Una v\u00edctima m\u00e1s probable es el desarrollador de su host de desarrollo local, que ha habilitado endpoints sin seguridad para facilitar el desarrollo. Este problema se solucion\u00f3 en la versi\u00f3n 3.8.3. Se recomienda a los usuarios que actualicen."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,14 +78,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.3",
"matchCriteriaId": "9FE06CE0-3CED-4A8E-8B66-3773C15010BC"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-23674",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T23:15:08.827",
"lastModified": "2024-02-15T23:15:08.827",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:55.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""
},
{
"lang": "es",
"value": "El esquema de identificaci\u00f3n electr\u00f3nica Online-Ausweis-Funktion en el documento nacional de identidad alem\u00e1n hasta el 15 de febrero de 2024 permite omitir la autenticaci\u00f3n mediante suplantaci\u00f3n de identidad. Un atacante intermediario puede asumir la identidad de la v\u00edctima para acceder a recursos gubernamentales, m\u00e9dicos y financieros, y tambi\u00e9n puede extraer datos personales de la tarjeta, tambi\u00e9n conocido como el problema \"sPACE (establecimiento de conexi\u00f3n autenticada con contrase\u00f1a suplantada)\". Esto ocurre debido a una combinaci\u00f3n de factores, como la entrada insegura del PIN (para lectores b\u00e1sicos) y los enlaces profundos eid://. La v\u00edctima debe estar utilizando un kernel de eID modificado, lo que puede ocurrir si se enga\u00f1a a la v\u00edctima para que instale una versi\u00f3n falsa de una aplicaci\u00f3n oficial. NOTA: la posici\u00f3n de BSI es \"garantizar un entorno operativo seguro en el lado del cliente es una obligaci\u00f3n del propietario de la tarjeta de identificaci\u00f3n\"."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-24377",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T09:15:08.603",
"lastModified": "2024-02-16T09:15:08.603",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script."
},
{
"lang": "es",
"value": "Un problema en idocv v.14.1.3_20231228 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado."
}
],
"metrics": {},


@ -2,16 +2,40 @@
"id": "CVE-2024-24712",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-10T08:15:07.570",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T14:48:04.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS.This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Team Heator Heator Social Login WordPress permite almacenar XSS. Este problema afecta a Heateor Social Login WordPress: desde n/a hasta 1.1.30."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/heateor-social-login/wordpress-heateor-social-login-plugin-1-1-30-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:heateor:social_login:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.31",
"matchCriteriaId": "7B21B228-74B4-4764-AFBA-02CD847E039A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/heateor-social-login/wordpress-heateor-social-login-plugin-1-1-30-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24828",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:09.837",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:43:33.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21\u2019s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security."
},
{
"lang": "es",
"value": "pkg es una herramienta de dise\u00f1o para agrupar proyectos de Node.js en archivos ejecutables. Cualquier paquete de c\u00f3digo nativo creado por `pkg` se escribe en un directorio codificado. En sistemas Unix, este es `/tmp/pkg/*` que es un directorio compartido para todos los usuarios en el mismo sistema local. Los nombres de los paquetes dentro de este directorio no son \u00fanicos, son predecibles. Un atacante que tiene acceso al mismo sistema local tiene la capacidad de reemplazar los ejecutables genuinos en el directorio compartido con ejecutables maliciosos del mismo nombre. Luego, un usuario puede ejecutar el ejecutable malicioso sin darse cuenta de que ha sido modificado. Este paquete est\u00e1 en desuso. Por lo tanto, no se proporcionar\u00e1 ning\u00fan parche para esta vulnerabilidad. Para verificar si su ejecutable compilado por pkg depende del c\u00f3digo nativo y es vulnerable, ejecute el ejecutable y verifique si se cre\u00f3 `/tmp/pkg/`. Los usuarios deben hacer la transici\u00f3n a alternativas mantenidas activamente. Recomendamos investigar la compatibilidad de Node.js 21 con aplicaciones ejecutables \u00fanicas. Dada la decisi\u00f3n de dejar de usar el paquete pkg, nuestro equipo no ha proporcionado soluciones ni soluciones oficiales. Los usuarios deben priorizar la migraci\u00f3n a otros paquetes que ofrezcan funciones similares con seguridad mejorada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://nodejs.org/api/single-executable-applications.html",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vercel:pkg:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "5.8.1",
"matchCriteriaId": "A83852BC-5291-4916-A376-52D0CB5766AE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://nodejs.org/api/single-executable-applications.html",
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24927",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T06:15:08.030",
"lastModified": "2024-02-12T14:20:03.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:41:18.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/brooklyn/wordpress-brooklyn-theme-4-9-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unitedthemes:brooklyn:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.9.7.6",
"matchCriteriaId": "0F7A0654-602C-4738-B649-F4F8E8296DD3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/brooklyn/wordpress-brooklyn-theme-4-9-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24928",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T06:15:08.313",
"lastModified": "2024-02-12T14:20:03.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T13:41:04.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/content-cards/wordpress-content-cards-plugin-0-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:content_cards_project:content_cards:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.9.7",
"matchCriteriaId": "7D0F6B16-637D-4454-B187-89C795FB7B5D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/content-cards/wordpress-content-cards-plugin-0-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-25123",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-15T22:15:48.060",
"lastModified": "2024-02-15T22:15:48.060",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\\). So it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "MSS (Mission Support System) es un paquete de c\u00f3digo abierto dise\u00f1ado para planificar vuelos de investigaci\u00f3n atmosf\u00e9rica. En el archivo: `index.py`, hay un m\u00e9todo que es vulnerable a un ataque de manipulaci\u00f3n de ruta. Al modificar las rutas de los archivos, un atacante puede adquirir informaci\u00f3n confidencial de diferentes recursos. La variable `filename` se une con otras variables para formar una ruta de archivo en `_file`. Sin embargo, \"filename\" es un par\u00e1metro de ruta que puede capturar valores de tipo de ruta, es decir, valores que incluyen barras (\\). Por lo tanto, es posible que un atacante manipule el archivo que se est\u00e1 leyendo asignando un valor que contenga ../ a \"nombre de archivo\" y, por lo tanto, el atacante puede obtener acceso a otros archivos en el sistema de archivos del host. Este problema se solucion\u00f3 en la versi\u00f3n 8.3.3 de MSS. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2024-25413",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T02:15:51.307",
"lastModified": "2024-02-16T02:15:51.307",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n del lado del servidor XSLT en la funci\u00f3n Importar trabajos de FireBear Enhanced Import And Export v3.8.6 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de un archivo XSLT manipulado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-25414",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T02:15:51.363",
"lastModified": "2024-02-16T02:15:51.363",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en /admin/upgrade de CSZ CMS v1.3.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo Zip manipulado."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-25415",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T02:15:51.443",
"lastModified": "2024-02-16T02:15:51.443",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en /admin/define_language.php de CE Phoenix v1.0.8.20 permite a atacantes ejecutar c\u00f3digo PHP de su elecci\u00f3n inyectando un payload manipulado en el archivo english.php."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-25466",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T09:15:08.663",
"lastModified": "2024-02-16T09:15:08.663",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:37:51.433",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component."
},
{
"lang": "es",
"value": "La vulnerabilidad de Directory Traversal en React Native Document Picker anterior a v.9.1.1 y corregida en v.9.1.1 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el componente de librer\u00eda de Android."
}
],
"metrics": {},


@ -2,12 +2,16 @@
"id": "CVE-2024-25502",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T20:15:45.483",
"lastModified": "2024-02-15T20:15:45.483",
"vulnStatus": "Received",
"lastModified": "2024-02-16T13:38:00.047",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en flusity CMS v.2.4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del componente download_backup.php."
}
],
"metrics": {},


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-16T13:00:32.416527+00:00
2024-02-16T15:00:30.142846+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-16T12:15:08.537000+00:00
2024-02-16T14:48:04.207000+00:00
```
### Last Data Feed Release
@ -34,16 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `0`
* [CVE-2024-22425](CVE-2024/CVE-2024-224xx/CVE-2024-22425.json) (`2024-02-16T12:15:07.757`)
* [CVE-2024-22426](CVE-2024/CVE-2024-224xx/CVE-2024-22426.json) (`2024-02-16T12:15:08.537`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `92`
* [CVE-2024-25502](CVE-2024/CVE-2024-255xx/CVE-2024-25502.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-0240](CVE-2024/CVE-2024-02xx/CVE-2024-0240.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-0622](CVE-2024/CVE-2024-06xx/CVE-2024-0622.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-21728](CVE-2024/CVE-2024-217xx/CVE-2024-21728.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-23476](CVE-2024/CVE-2024-234xx/CVE-2024-23476.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-23477](CVE-2024/CVE-2024-234xx/CVE-2024-23477.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-23478](CVE-2024/CVE-2024-234xx/CVE-2024-23478.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-23479](CVE-2024/CVE-2024-234xx/CVE-2024-23479.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-25123](CVE-2024/CVE-2024-251xx/CVE-2024-25123.json) (`2024-02-16T13:38:00.047`)
* [CVE-2024-22222](CVE-2024/CVE-2024-222xx/CVE-2024-22222.json) (`2024-02-16T13:40:22.813`)
* [CVE-2024-22221](CVE-2024/CVE-2024-222xx/CVE-2024-22221.json) (`2024-02-16T13:40:34.093`)
* [CVE-2024-0168](CVE-2024/CVE-2024-01xx/CVE-2024-0168.json) (`2024-02-16T13:40:44.663`)
* [CVE-2024-24928](CVE-2024/CVE-2024-249xx/CVE-2024-24928.json) (`2024-02-16T13:41:04.027`)
* [CVE-2024-24927](CVE-2024/CVE-2024-249xx/CVE-2024-24927.json) (`2024-02-16T13:41:18.167`)
* [CVE-2024-23517](CVE-2024/CVE-2024-235xx/CVE-2024-23517.json) (`2024-02-16T13:41:33.563`)
* [CVE-2024-23516](CVE-2024/CVE-2024-235xx/CVE-2024-23516.json) (`2024-02-16T13:41:48.350`)
* [CVE-2024-23514](CVE-2024/CVE-2024-235xx/CVE-2024-23514.json) (`2024-02-16T13:42:03.290`)
* [CVE-2024-1405](CVE-2024/CVE-2024-14xx/CVE-2024-1405.json) (`2024-02-16T13:42:24.347`)
* [CVE-2024-21490](CVE-2024/CVE-2024-214xx/CVE-2024-21490.json) (`2024-02-16T13:42:54.890`)
* [CVE-2024-24828](CVE-2024/CVE-2024-248xx/CVE-2024-24828.json) (`2024-02-16T13:43:33.407`)
* [CVE-2024-21624](CVE-2024/CVE-2024-216xx/CVE-2024-21624.json) (`2024-02-16T13:52:53.357`)
* [CVE-2024-1404](CVE-2024/CVE-2024-14xx/CVE-2024-1404.json) (`2024-02-16T13:53:05.760`)
* [CVE-2024-23639](CVE-2024/CVE-2024-236xx/CVE-2024-23639.json) (`2024-02-16T13:53:20.800`)
* [CVE-2024-22226](CVE-2024/CVE-2024-222xx/CVE-2024-22226.json) (`2024-02-16T13:55:08.217`)
* [CVE-2024-24712](CVE-2024/CVE-2024-247xx/CVE-2024-24712.json) (`2024-02-16T14:48:04.207`)
## Download and Usage