admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-18T15:00:25.190108+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-18 15:00:28 +00:00
parent a78a1aac54
commit f28f81130f
72 changed files with 1879 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2021/CVE-2021-250xx/CVE-2021-25020.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-25020",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-01-03T13:15:08.957",
"lastModified": "2022-01-11T13:27:46.867",
"lastModified": "2024-01-18T14:44:33.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -94,9 +94,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ffw:complete_analytics_optimization_suite:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:daan:complete_analytics_optimization_suite:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.1.9",
"matchCriteriaId": "7739F2A7-8C8E-4B43-A062-4E493456C556"
"matchCriteriaId": "0950655A-F550-4056-AF69-CA28ADBC57CE"
}
]
}

8
CVE-2021/CVE-2021-44xx/CVE-2021-4433.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-4433",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T01:15:43.460",
"lastModified": "2024-01-18T01:15:43.460",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250836."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Karjasoft Sami HTTP Server 2.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente HTTP HEAD Rrequest Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250836."
}
],
"metrics": {

91
CVE-2023/CVE-2023-281xx/CVE-2023-28197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28197",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.853",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:49:49.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,98 @@
"value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales de sandbox. Este problema se solucion\u00f3 en macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "4895F6FE-9045-4243-BECA-D63037F63516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "AE2C29D7-C8CC-4AA3-A2E4-1FE17737A98B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

129
CVE-2023/CVE-2023-323xx/CVE-2023-32366.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32366",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.897",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:48:05.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,140 @@
"value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 y iPadOS 16.4, iOS 15.7.4 y iPadOS 15.7.4, macOS Monterey 12.6.4. El procesamiento de un archivo de fuente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "6342B4CB-4D7D-4FBD-8A5E-E3DABDC7770E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "79A85DA3-B374-444F-B9A2-7E4F334C26DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "C75E4307-6CF3-4835-8E5F-96BF060658C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.4",
"matchCriteriaId": "E33C3BC5-6CFC-4B58-8642-80A9FE00DB24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "4895F6FE-9045-4243-BECA-D63037F63516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "AE2C29D7-C8CC-4AA3-A2E4-1FE17737A98B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-323xx/CVE-2023-32378.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32378",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.943",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:47:06.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,98 @@
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "4895F6FE-9045-4243-BECA-D63037F63516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "AE2C29D7-C8CC-4AA3-A2E4-1FE17737A98B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-323xx/CVE-2023-32383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32383",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:47.987",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:46:30.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,98 @@
"value": "Este problema se solucion\u00f3 forzando un runtime reforzado en los archivos binarios afectados a nivel del sistema. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Es posible que una aplicaci\u00f3n pueda inyectar c\u00f3digo en archivos binarios confidenciales incluidos con Xcode."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.7",
"matchCriteriaId": "BA5AB1A2-FCA0-4081-804C-687928811E50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.6",
"matchCriteriaId": "057C3BDA-4822-4256-A016-4B32A05DD3B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.4",
"matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-324xx/CVE-2023-32401.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32401",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.040",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:45:33.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,98 @@
"value": "Se solucion\u00f3 un desbordamiento de b\u00fafer mejorando la verificaci\u00f3n de l\u00edmites. Este problema se solucion\u00f3 en macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. El an\u00e1lisis de un documento de Office puede provocar la finalizaci\u00f3n inesperada de una aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.7",
"matchCriteriaId": "BA5AB1A2-FCA0-4081-804C-687928811E50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.6",
"matchCriteriaId": "057C3BDA-4822-4256-A016-4B32A05DD3B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.4",
"matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-324xx/CVE-2023-32424.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32424",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.087",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:44:50.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 16.4 y iPadOS 16.4, watchOS 9.4. Un atacante que ya haya logrado la ejecuci\u00f3n del c\u00f3digo del kernel puede omitir las mitigaciones de memoria del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-324xx/CVE-2023-32436.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32436",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.140",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:35:09.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "El problema se solucion\u00f3 con comprobaciones de l\u00edmites mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.3. Una aplicaci\u00f3n puede provocar la finalizaci\u00f3n inesperada del sistema o escribir en la memoria del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-379xx/CVE-2023-37934.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37934",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:45.823",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T13:55:37.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.1.0",
"matchCriteriaId": "5296F4A1-F228-451A-9B42-A418B7DCFFBA"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-226",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-386xx/CVE-2023-38610.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38610",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.357",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:34:34.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Se solucion\u00f3 un problema de corrupci\u00f3n de memoria eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, iOS 17 y iPadOS 17. Una aplicaci\u00f3n puede provocar la finalizaci\u00f3n inesperada del sistema o escribir en la memoria del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

108
CVE-2023/CVE-2023-386xx/CVE-2023-38612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38612",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.403",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:34:06.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,119 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Monterey 12.7, iOS 16.7 y iPadOS 16.7, iOS 17 y iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7",
"matchCriteriaId": "EC267D31-3DA5-4716-9160-2F997F6700A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6",
"matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213927",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213931",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213932",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-403xx/CVE-2023-40383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40383",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.460",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:33:07.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se solucion\u00f3 un problema de path handling con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-403xx/CVE-2023-40385.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40385",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.503",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:32:30.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,102 @@
"value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. Un atacante remoto puede ver consultas de DNS filtradas con Private Relay activado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "93FB6D0F-A668-47CF-A63D-755CA3BA259A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-403xx/CVE-2023-40394.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40394",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.593",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:31:24.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,74 @@
"value": "El problema se abord\u00f3 con una validaci\u00f3n mejorada de las variables ambientales. Este problema se solucion\u00f3 en iOS 16.6 y iPadOS 16.6. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.6",
"matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

119
CVE-2023/CVE-2023-404xx/CVE-2023-40414.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40414",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.687",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:30:39.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,130 @@
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en watchOS 10, iOS 17 y iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "93FB6D0F-A668-47CF-A63D-755CA3BA259A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.0",
"matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0",
"matchCriteriaId": "93620AD0-115A-4F86-B533-76A190AF41A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0",
"matchCriteriaId": "5A079CEF-8220-487C-B114-30BCC45647D6"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213936",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213937",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213938",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213940",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213941",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-440xx/CVE-2023-44077.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-44077",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T20:15:50.517",
"lastModified": "2024-01-17T20:15:50.517",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636."
},
{
"lang": "es",
"value": "Studio Network Solutions ShareBrowser anterior a 7.0 en macOS maneja mal la verificaci\u00f3n de firmas, tambi\u00e9n conocido como PMP-2636."
}
],
"metrics": {},

66
CVE-2023/CVE-2023-442xx/CVE-2023-44250.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44250",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-01-10T18:15:46.030",
"lastModified": "2024-01-11T13:57:35.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T13:54:40.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -50,10 +70,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9010968B-B839-4B7C-BFB5-6BD9CBCEC166"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1491795D-14BA-4D82-9CB0-6FA7D35EB64E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06FF7838-98E3-4022-95D3-D7B540D98D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17FE168A-0EA4-467C-91D2-87EB6D83917A"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-315",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-483xx/CVE-2023-48339.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48339",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.210",
"lastModified": "2024-01-18T03:15:57.210",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed"
},
{
"lang": "es",
"value": "En jpg driver, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del Sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48340.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48340",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.287",
"lastModified": "2024-01-18T03:15:57.287",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48341.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48341",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.333",
"lastModified": "2024-01-18T03:15:57.333",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48342.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48342",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.380",
"lastModified": "2024-01-18T03:15:57.380",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En media service, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del Sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48343.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48343",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.430",
"lastModified": "2024-01-18T03:15:57.430",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48344.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48344",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.470",
"lastModified": "2024-01-18T03:15:57.470",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48345.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48345",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.520",
"lastModified": "2024-01-18T03:15:57.520",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48346.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48346",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.560",
"lastModified": "2024-01-18T03:15:57.560",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48347.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48347",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.607",
"lastModified": "2024-01-18T03:15:57.607",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48348.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48348",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.650",
"lastModified": "2024-01-18T03:15:57.650",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48349.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48349",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.693",
"lastModified": "2024-01-18T03:15:57.693",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48350.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48350",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.737",
"lastModified": "2024-01-18T03:15:57.737",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48351.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48351",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.850",
"lastModified": "2024-01-18T03:15:57.850",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En video decoder, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48352.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48352",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.917",
"lastModified": "2024-01-18T03:15:57.917",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Phasecheckserver, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltante. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48353.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48353",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:57.960",
"lastModified": "2024-01-18T03:15:57.960",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En vsp driver, existe un posible use after free debido a un error l\u00f3gico. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del Sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48354.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48354",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:58.013",
"lastModified": "2024-01-18T03:15:58.013",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En telephone service existe una posible validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48355.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48355",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:58.063",
"lastModified": "2024-01-18T03:15:58.063",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En jpg driver, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48356.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48356",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:58.107",
"lastModified": "2024-01-18T03:15:58.107",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En jpg driver, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48357.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48357",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:58.150",
"lastModified": "2024-01-18T03:15:58.150",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En vsp driver, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltante. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48358.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48358",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:58.193",
"lastModified": "2024-01-18T03:15:58.193",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En drm driver, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltante. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-483xx/CVE-2023-48359.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48359",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-01-18T03:15:58.237",
"lastModified": "2024-01-18T03:15:58.237",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En autotest driver, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del sistema necesarios."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-488xx/CVE-2023-48858.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-48858",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T20:15:50.573",
"lastModified": "2024-01-17T20:15:50.573",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-site scripting (XSS) en el c\u00f3digo PHP de la p\u00e1gina de inicio de sesi\u00f3n en Armex ABO.CMS 5.9 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de la parte de URL login.php?."
}
],
"metrics": {},

27
CVE-2023/CVE-2023-501xx/CVE-2023-50172.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50172",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:49.583",
"lastModified": "2024-01-12T18:15:46.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T14:28:59.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*",
"matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-514xx/CVE-2023-51463.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51463",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-18T11:15:08.173",
"lastModified": "2024-01-18T11:15:08.173",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-514xx/CVE-2023-51464.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51464",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-18T11:15:08.827",
"lastModified": "2024-01-18T11:15:08.827",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-58xx/CVE-2023-5806.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5806",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-01-18T13:15:08.770",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.This issue affects Quality Management System: before v1.2.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") en Mergen Software Quality Management System permite la inyecci\u00f3n SQL. Este problema afecta a Quality Management System: anterior a v1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0040",
"source": "iletisim@usom.gov.tr"
}
]
}

8
CVE-2023/CVE-2023-59xx/CVE-2023-5914.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5914",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-17T21:15:11.413",
"lastModified": "2024-01-17T21:15:11.413",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\u00a0 Cross-site scripting (XSS)"
},
{
"lang": "es",
"value": "Cross-site scripting (XSS)"
}
],
"metrics": {

8
CVE-2023/CVE-2023-61xx/CVE-2023-6184.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6184",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-18T01:15:43.723",
"lastModified": "2024-01-18T01:15:43.723",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross Site Scripting en Citrix Session Recording permite al atacante realizar Cross Site Scripting"
}
],
"metrics": {

8
CVE-2023/CVE-2023-63xx/CVE-2023-6340.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6340",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2024-01-18T00:15:38.080",
"lastModified": "2024-01-18T00:15:38.080",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SonicWall Capture Client version 3.7.10,\u00a0NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability."
},
{
"lang": "es",
"value": "SonicWall Capture Client versi\u00f3n 3.7.10, NetExtender client versi\u00f3n 10.2.337 y versiones anteriores se instalan con el controlador sfpmonitor.sys. Se ha descubierto que el controlador es vulnerable a la denegaci\u00f3n de servicio (DoS) causada por una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-65xx/CVE-2023-6548.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6548",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-17T20:15:50.627",
"lastModified": "2024-01-18T03:15:59.157",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface."
},
{
"lang": "es",
"value": "El control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administraci\u00f3n realizar una ejecuci\u00f3n remota de c\u00f3digo autenticado (con privilegios bajos) en Management Interface."
}
],
"metrics": {

8
CVE-2023/CVE-2023-65xx/CVE-2023-6549.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6549",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-17T21:15:11.690",
"lastModified": "2024-01-18T03:15:59.360",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service \n"
},
{
"lang": "es",
"value": "La restricci\u00f3n inadecuada de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en NetScaler ADC y NetScaler Gateway permite una denegaci\u00f3n de servicio no autenticada"
}
],
"metrics": {

4
CVE-2023/CVE-2023-68xx/CVE-2023-6816.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-18T12:15:07.947",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-69xx/CVE-2023-6958.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6958",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-18T08:15:39.493",
"lastModified": "2024-01-18T08:15:39.493",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Recipe Maker para WordPress es vulnerable a las Cross-Site Scripting Almacenado a trav\u00e9s de los c\u00f3digos cortos del complemento en todas las versiones hasta la 9.1.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2023/CVE-2023-69xx/CVE-2023-6970.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6970",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-18T08:15:39.780",
"lastModified": "2024-01-18T08:15:39.780",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento WP Recipe Maker para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del encabezado 'Referer' en todas las versiones hasta la 9.1.0 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-03xx/CVE-2024-0381.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0381",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-18T08:15:40.000",
"lastModified": "2024-01-18T08:15:40.000",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Recipe Maker para WordPress es vulnerable a Cross-Site Scripting almacenado mediante el uso del atributo 'tag' en los c\u00f3digos cortos wprm-recipe-name, wprm-recipe-date y wprm-recipe-counter en todas las versiones hasta 9.1.0, incluido. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

12
CVE-2024/CVE-2024-05xx/CVE-2024-0565.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0565",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T20:15:43.630",
"lastModified": "2024-01-16T13:56:05.467",
"lastModified": "2024-01-18T13:15:09.000",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -21,8 +21,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
@ -30,10 +30,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]

4
CVE-2024/CVE-2024-05xx/CVE-2024-0580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0580",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-18T09:15:07.960",
"lastModified": "2024-01-18T09:15:07.960",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-06xx/CVE-2024-0648.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0648",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-17T23:15:08.197",
"lastModified": "2024-01-17T23:15:08.197",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Yunyou CMS hasta 2.2.6 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /app/index/controller/Common.php. La manipulaci\u00f3n del argumento templateFile conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-251374 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0649.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0649",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-17T23:15:08.660",
"lastModified": "2024-01-17T23:15:08.660",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en ZhiHuiYun hasta 4.4.13 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n download_network_image del archivo /app/Http/Controllers/ImageController.php del componente Search. La manipulaci\u00f3n del argumento URL conduce a server-side request forgery.. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251375."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0650.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0650",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T00:15:38.183",
"lastModified": "2024-01-18T00:15:38.183",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input \"><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Project Worlds Visitor Management System 1.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo dataset.php del componente URL Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento name con la entrada \"&gt; conduce a cross site scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n se ha divulgado al p\u00fablico y puede ser utilizada. El identificador de esta vulnerabilidad es VDB-251376."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0651.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0651",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T01:15:43.890",
"lastModified": "2024-01-18T01:15:43.890",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Company Visitor Management System 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo search-visitor.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251377."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0652.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0652",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T01:15:44.133",
"lastModified": "2024-01-18T01:15:44.133",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Company Visitor Management System 1.0. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo search-visitor.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-251378 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0654.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T01:15:44.347",
"lastModified": "2024-01-18T01:15:44.347",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en DeepFaceLab preentrenado DF.wf.288res.384.92.72.22 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo mainscripts/Util.py es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la deserializaci\u00f3n. Se requiere acceso local para abordar este ataque. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-251382 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0655.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0655",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T03:15:59.433",
"lastModified": "2024-01-18T03:15:59.433",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251383."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Novel-Plus 4.3.0-RC1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /novel/bookSetting/list es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sort conduce a la inyecci\u00f3n de SQL. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251383."
}
],
"metrics": {

59
CVE-2024/CVE-2024-06xx/CVE-2024-0669.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0669",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-18T13:15:09.177",
"lastModified": "2024-01-18T13:41:52.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de Cross-Frame Scripting en Plone CMS que afecta a la versi\u00f3n inferior a 6.0.5. Un atacante podr\u00eda almacenar una URL maliciosa para que la abra un administrador y ejecutar un elemento iframe malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms",
"source": "cve-coordination@incibe.es"
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21666.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21666",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T01:15:45.623",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T13:20:45.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:customer_management_framework:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "4.0.6",
"matchCriteriaId": "09473711-86C6-485C-B865-015EEF9172BE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/DuplicatesController.php#L43",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/pimcore/customer-data-framework/commit/c33c0048390ef0cf98b801d46a81d0762243baa6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-216xx/CVE-2024-21667.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21667",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T01:15:45.810",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T13:12:45.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:customer_management_framework:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "4.0.6",
"matchCriteriaId": "09473711-86C6-485C-B865-015EEF9172BE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/GDPRDataController.php#L38",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/pimcore/customer-data-framework/commit/6c34515be2ba39dceee7da07a1abf246309ccd77",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-g273-wppx-82w4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-221xx/CVE-2024-22190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22190",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T02:15:48.250",
"lastModified": "2024-01-11T13:57:26.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-18T13:48:07.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*",
"versionEndExcluding": "3.1.41",
"matchCriteriaId": "3EFC0264-B10D-4EAA-B78B-FDDEE26A4B8A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gitpython-developers/GitPython/pull/1792",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-223xx/CVE-2024-22317.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22317",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-18T14:15:07.970",
"lastModified": "2024-01-18T14:15:07.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7108661",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-224xx/CVE-2024-22410.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22410",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-17T21:15:11.887",
"lastModified": "2024-01-17T21:15:11.887",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don\u2019t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental."
},
{
"lang": "es",
"value": "Creditcoin es una red que permite transacciones de cr\u00e9dito entre blockchain. El binario de Windows del nodo Creditcoin carga un conjunto de archivos DLL proporcionados por Microsoft al inicio. Si un usuario malintencionado tiene acceso para sobrescribir el directorio de archivos del programa, es posible reemplazar estas DLL y ejecutar c\u00f3digo arbitrario. La opini\u00f3n del equipo de desarrollo de blockchain es que la amenaza que plantea un hipot\u00e9tico ataque de plantaci\u00f3n binaria es m\u00ednima y representa un riesgo de baja seguridad. Los archivos DLL vulnerables provienen del subsistema de red de Windows, el runtime de Visual C++ y primitivas criptogr\u00e1ficas de bajo nivel. En conjunto, estas dependencias son necesarias para un gran ecosistema de aplicaciones, que van desde aplicaciones de seguridad de nivel empresarial hasta motores de juegos, y no representan una falta fundamental de seguridad o supervisi\u00f3n en el dise\u00f1o e implementaci\u00f3n de Creditcoin. El equipo de blockchain adopta la postura de que ejecutar Creditcoin en Windows no es oficialmente compatible y, en el mejor de los casos, deber\u00eda considerarse experimental."
}
],
"metrics": {

8
CVE-2024/CVE-2024-224xx/CVE-2024-22414.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22414",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-17T21:15:12.100",
"lastModified": "2024-01-17T21:15:12.100",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:11.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class=\"content\" tag=\"content\">{{comment[2]|safe}}</div>`. Use of the \"safe\" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation."
},
{
"lang": "es",
"value": "flaskBlog es una aplicaci\u00f3n de blog sencilla creada con Flask. El almacenamiento y la representaci\u00f3n inadecuados de la p\u00e1gina `/user/` permiten que los comentarios de un usuario ejecuten c\u00f3digo javascript arbitrario. La plantilla html `user.html` contiene el siguiente fragmento de c\u00f3digo para representar los comentarios realizados por un usuario: `{{comment[2]|safe}}` . El uso de la etiqueta \"safe\" hace que flask _not_ escape del contenido renderizado. Para remediar esto, simplemente elimine la etiqueta `|safe` del HTML anterior. No hay ninguna soluci\u00f3n disponible y se recomienda a los usuarios que editen manualmente su instalaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-224xx/CVE-2024-22416.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22416",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T00:15:38.397",
"lastModified": "2024-01-18T00:15:38.397",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade."
},
{
"lang": "es",
"value": "pyLoad es un administrador de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. La API `pyload` permite realizar cualquier llamada a la API mediante solicitudes GET. Dado que la cookie de sesi\u00f3n no est\u00e1 configurada en \"SameSite: strict\", esto abre la librer\u00eda a graves posibilidades de ataque a trav\u00e9s de un ataque de Cross-Site Request Forgery (CSRF). Como resultado, cualquier llamada a la API puede realizarse mediante un ataque CSRF por parte de un usuario no autenticado. Este problema se solucion\u00f3 en la versi\u00f3n `0.5.0b3.dev78`. Se recomienda a todos los usuarios que actualicen."
}
],
"metrics": {

4
CVE-2024/CVE-2024-235xx/CVE-2024-23525.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23525",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-18T00:15:38.590",
"lastModified": "2024-01-18T12:15:08.110",
"vulnStatus": "Received",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

42
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-18T13:00:24.492725+00:00
2024-01-18T15:00:25.190108+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-18T12:15:08.110000+00:00
2024-01-18T14:49:49.540000+00:00
```
### Last Data Feed Release
@ -29,23 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236288
236291
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `3`
* [CVE-2023-51463](CVE-2023/CVE-2023-514xx/CVE-2023-51463.json) (`2024-01-18T11:15:08.173`)
* [CVE-2023-51464](CVE-2023/CVE-2023-514xx/CVE-2023-51464.json) (`2024-01-18T11:15:08.827`)
* [CVE-2023-5806](CVE-2023/CVE-2023-58xx/CVE-2023-5806.json) (`2024-01-18T13:15:08.770`)
* [CVE-2024-0669](CVE-2024/CVE-2024-06xx/CVE-2024-0669.json) (`2024-01-18T13:15:09.177`)
* [CVE-2024-22317](CVE-2024/CVE-2024-223xx/CVE-2024-22317.json) (`2024-01-18T14:15:07.970`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `68`
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-18T12:15:07.947`)
* [CVE-2024-23525](CVE-2024/CVE-2024-235xx/CVE-2024-23525.json) (`2024-01-18T12:15:08.110`)
* [CVE-2023-38610](CVE-2023/CVE-2023-386xx/CVE-2023-38610.json) (`2024-01-18T14:34:34.800`)
* [CVE-2023-32436](CVE-2023/CVE-2023-324xx/CVE-2023-32436.json) (`2024-01-18T14:35:09.270`)
* [CVE-2023-32424](CVE-2023/CVE-2023-324xx/CVE-2023-32424.json) (`2024-01-18T14:44:50.053`)
* [CVE-2023-32401](CVE-2023/CVE-2023-324xx/CVE-2023-32401.json) (`2024-01-18T14:45:33.753`)
* [CVE-2023-32383](CVE-2023/CVE-2023-323xx/CVE-2023-32383.json) (`2024-01-18T14:46:30.137`)
* [CVE-2023-32378](CVE-2023/CVE-2023-323xx/CVE-2023-32378.json) (`2024-01-18T14:47:06.280`)
* [CVE-2023-32366](CVE-2023/CVE-2023-323xx/CVE-2023-32366.json) (`2024-01-18T14:48:05.697`)
* [CVE-2023-28197](CVE-2023/CVE-2023-281xx/CVE-2023-28197.json) (`2024-01-18T14:49:49.540`)
* [CVE-2024-21667](CVE-2024/CVE-2024-216xx/CVE-2024-21667.json) (`2024-01-18T13:12:45.593`)
* [CVE-2024-0565](CVE-2024/CVE-2024-05xx/CVE-2024-0565.json) (`2024-01-18T13:15:09.000`)
* [CVE-2024-21666](CVE-2024/CVE-2024-216xx/CVE-2024-21666.json) (`2024-01-18T13:20:45.647`)
* [CVE-2024-0655](CVE-2024/CVE-2024-06xx/CVE-2024-0655.json) (`2024-01-18T13:41:52.450`)
* [CVE-2024-0381](CVE-2024/CVE-2024-03xx/CVE-2024-0381.json) (`2024-01-18T13:41:52.450`)
* [CVE-2024-0580](CVE-2024/CVE-2024-05xx/CVE-2024-0580.json) (`2024-01-18T13:41:52.450`)
* [CVE-2024-0650](CVE-2024/CVE-2024-06xx/CVE-2024-0650.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-22416](CVE-2024/CVE-2024-224xx/CVE-2024-22416.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-23525](CVE-2024/CVE-2024-235xx/CVE-2024-23525.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-0651](CVE-2024/CVE-2024-06xx/CVE-2024-0651.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-0652](CVE-2024/CVE-2024-06xx/CVE-2024-0652.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-0654](CVE-2024/CVE-2024-06xx/CVE-2024-0654.json) (`2024-01-18T13:42:01.673`)
* [CVE-2024-22410](CVE-2024/CVE-2024-224xx/CVE-2024-22410.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-22414](CVE-2024/CVE-2024-224xx/CVE-2024-22414.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-0648](CVE-2024/CVE-2024-06xx/CVE-2024-0648.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-0649](CVE-2024/CVE-2024-06xx/CVE-2024-0649.json) (`2024-01-18T13:42:11.613`)
* [CVE-2024-22190](CVE-2024/CVE-2024-221xx/CVE-2024-22190.json) (`2024-01-18T13:48:07.553`)
## Download and Usage