Auto-Update: 2024-11-18T19:00:29.543584+00:00

fkie-cad · Nov 18, 2024 · 88fca70 · 88fca70
1 parent bb009e8
commit 88fca70
Show file tree

Hide file tree

Showing 420 changed files with 5,494 additions and 1,420 deletions.
diff --git a/CVE-2015/CVE-2015-201xx/CVE-2015-20111.json b/CVE-2015/CVE-2015-201xx/CVE-2015-20111.json
@@ -2,16 +2,55 @@
   "id": "CVE-2015-20111",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-18T04:15:03.987",
-  "lastModified": "2024-11-18T04:15:03.987",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:35:00.977",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En las versiones anteriores a 4c90b87 de Bitcoin Core y otros productos, la ejecuci\u00f3n remota de c\u00f3digo no se puede realizar junto con la explotaci\u00f3n de CVE-2015-6031."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
     }
   ],
-  "metrics": {},
   "references": [
     {
       "url": "https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/",

diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13309.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13309.json
@@ -2,13 +2,17 @@
   "id": "CVE-2017-13309",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-15T21:15:05.980",
-  "lastModified": "2024-11-15T21:35:00.833",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:56.587",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En readEncryptedData de ConscryptEngine.java, existe una posible fuga de texto plano debido a un cifrado utilizado incorrectamente. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
     }
   ],
   "metrics": {

diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13310.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13310.json
@@ -2,13 +2,17 @@
   "id": "CVE-2017-13310",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-15T22:15:14.177",
-  "lastModified": "2024-11-15T22:15:14.177",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:56.587",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En createFromParcel de ViewPager.java, existe un posible problema de serializaci\u00f3n de lectura/escritura que conduce a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios donde una aplicaci\u00f3n puede iniciar una actividad con privilegios del sistema sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
     }
   ],
   "metrics": {},

diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13311.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13311.json
@@ -2,13 +2,17 @@
   "id": "CVE-2017-13311",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-15T22:15:14.240",
-  "lastModified": "2024-11-15T22:15:14.240",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:56.587",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En la funci\u00f3n read() de ProcessStats.java, existe un posible problema de serializaci\u00f3n de lectura/escritura que conduce a una omisi\u00f3n de permisos. Esto podr\u00eda provocar una escalada local de privilegios donde una aplicaci\u00f3n puede iniciar una actividad con privilegios del sistema sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
     }
   ],
   "metrics": {},

diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13312.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13312.json
@@ -2,13 +2,17 @@
   "id": "CVE-2017-13312",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-15T22:15:14.300",
-  "lastModified": "2024-11-15T22:15:14.300",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:56.587",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En createFromParcel de MediaCas.java, existe una posible discrepancia entre la lectura y la escritura de paquetes debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios, donde una aplicaci\u00f3n puede iniciar una actividad con privilegios del sistema sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
     }
   ],
   "metrics": {},

diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13313.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13313.json
@@ -2,13 +2,17 @@
   "id": "CVE-2017-13313",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-15T22:15:14.373",
-  "lastModified": "2024-11-15T22:15:14.373",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:56.587",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En ElementaryStreamQueue::dequeueAccessUnitMPEG4Video de ESQueue.cpp, existe un posible bucle infinito que conduce al agotamiento de los recursos debido a una comprobaci\u00f3n incorrecta de los l\u00edmites. Esto podr\u00eda provocar una denegaci\u00f3n de servicio remota sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
     }
   ],
   "metrics": {},

diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13314.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13314.json
@@ -2,13 +2,17 @@
   "id": "CVE-2017-13314",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-15T22:15:14.440",
-  "lastModified": "2024-11-15T22:15:14.440",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:56.587",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation."
+    },
+    {
+      "lang": "es",
+      "value": "En setAllowOnlyVpnForUids de NetworkManagementService.java, existe una posible omisi\u00f3n de la configuraci\u00f3n de seguridad debido a la falta de una verificaci\u00f3n de permisos. Esto podr\u00eda provocar una escalada local de privilegios que permita a los usuarios acceder a redes que no sean VPN, cuando se supone que deben estar restringidos a las redes VPN, sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
     }
   ],
   "metrics": {},

diff --git a/CVE-2019/CVE-2019-252xx/CVE-2019-25220.json b/CVE-2019/CVE-2019-252xx/CVE-2019-25220.json
@@ -2,16 +2,55 @@
   "id": "CVE-2019-25220",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-18T04:15:04.107",
-  "lastModified": "2024-11-18T04:15:04.107",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:35:01.780",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a \"Chain Width Expansion\" attack) because a node does not first verify that a presented chain has enough work before committing to store it."
+    },
+    {
+      "lang": "es",
+      "value": "Bitcoin Core anterior a 24.0.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (falla del demonio) a trav\u00e9s de una inundaci\u00f3n de cadenas de encabezado de baja dificultad (tambi\u00e9n conocido como un ataque de \"expansi\u00f3n del ancho de la cadena\") porque un nodo no verifica primero que una cadena presentada tenga suficiente trabajo antes de comprometerse a almacenarla."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
     }
   ],
-  "metrics": {},
   "references": [
     {
       "url": "https://bitcoincore.org/en/2024/09/18/disclose-headers-oom",

diff --git a/CVE-2020/CVE-2020-257xx/CVE-2020-25720.json b/CVE-2020/CVE-2020-257xx/CVE-2020-25720.json
@@ -2,13 +2,17 @@
   "id": "CVE-2020-25720",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-17T11:15:04.320",
-  "lastModified": "2024-11-17T11:15:04.320",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:17.393",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad en Samba donde un administrador delegado con permiso para crear objetos en Active Directory puede escribir en todos los atributos del objeto reci\u00e9n creado, incluidos los atributos sensibles a la seguridad, incluso despu\u00e9s de la creaci\u00f3n del objeto. Este problema se produce porque el administrador es el propietario del objeto debido a la falta de una lista de control de acceso (ACL) en el momento de la creaci\u00f3n y, posteriormente, se lo reconoce como el \"propietario creador\". Es posible que no se comprendan bien los derechos importantes que conserva el administrador delegado, lo que puede provocar una escalada de privilegios no deseada o riesgos de seguridad."
     }
   ],
   "metrics": {

diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26062.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26062.json
@@ -2,13 +2,17 @@
   "id": "CVE-2020-26062",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-18T16:15:05.170",
-  "lastModified": "2024-11-18T16:15:05.170",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:17.393",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability in Cisco&nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad en Cisco Integrated Management Controller podr\u00eda permitir que un atacante remoto no autenticado enumere nombres de usuario v\u00e1lidos dentro de la aplicaci\u00f3n vulnerable. La vulnerabilidad se debe a diferencias en las respuestas de autenticaci\u00f3n enviadas desde la aplicaci\u00f3n como parte de un intento de autenticaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes de autenticaci\u00f3n a la aplicaci\u00f3n afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante confirmar los nombres de las cuentas de usuario administrativas para usarlas en ataques posteriores. No existen workarounds que aborden esta vulnerabilidad."
     }
   ],
   "metrics": {

diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26063.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26063.json
@@ -2,13 +2,17 @@
   "id": "CVE-2020-26063",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-18T16:15:05.460",
-  "lastModified": "2024-11-18T16:15:05.460",
-  "vulnStatus": "Received",
+  "lastModified": "2024-11-18T17:11:17.393",
+  "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "A vulnerability in the API endpoints of Cisco&nbsp;Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.\r\nThe vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad en los puntos finales de API de Cisco Integrated Management Controller podr\u00eda permitir que un atacante remoto autenticado omita la autorizaci\u00f3n y realice acciones en un sistema vulnerable sin autorizaci\u00f3n. La vulnerabilidad se debe a comprobaciones de autorizaci\u00f3n incorrectas en los endpoints de API. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes maliciosas a un endpoint de API. Una vulnerabilidad podr\u00eda permitir al atacante descargar archivos o modificar opciones de configuraci\u00f3n limitadas en el sistema afectado. No existen workarounds que aborden esta vulnerabilidad."
     }
   ],
   "metrics": {

diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26066.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26066.json
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2020-26066",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-11-18T17:15:09.437",
+  "lastModified": "2024-11-18T17:15:09.437",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability in the web UI of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\nThe vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-611"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD",
+      "source": "[email protected]"
+    }
+  ]
+}