diff --git a/2023/25xxx/CVE-2023-25030.json b/2023/25xxx/CVE-2023-25030.json index e9b9d05193d..4f9ac3fd6c0 100644 --- a/2023/25xxx/CVE-2023-25030.json +++ b/2023/25xxx/CVE-2023-25030.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Buy Me a Coffee", + "product": { + "product_data": [ + { + "product_name": "Buy Me a Coffee", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/buymeacoffee/wordpress-buy-me-a-coffee-plugin-3-7-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/buymeacoffee/wordpress-buy-me-a-coffee-plugin-3-7-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, 
+ "type": "text/html", + "value": "Update to 3.8 or a higher version." + } + ], + "value": "Update to 3.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38395.json b/2023/38xxx/CVE-2023-38395.json index 8e832cbc5fd..89065dd00ff 100644 --- a/2023/38xxx/CVE-2023-38395.json +++ b/2023/38xxx/CVE-2023-38395.json 
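Review bot: In the CVE-2023-25030 record the only v4 version entry is `"version_value": "not down converted"`, so a consumer that reads the v4 fields (`version_affected` / `version_value`) gets no usable range. The real range sits only in `x_cve_json_5_version_data` (`lessThanOrEqual` 3.7, unaffected at 3.8). The sibling records in this commit carry the range in plain v4 form, and the same shape here would be `"version_affected": "<=", "version_name": "n/a", "version_value": "3.7"`. The partly visible CVE-2023-51524 hunk has the same "not down converted" shape. As a wording point, the description lacks a space after the period (`Buy Me a Coffee.This issue affects`), as do the other Patchstack descriptions in this commit.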
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Afzal Multani", + "product": { + "product_data": [ + { + "product_name": "WP Clone Menu", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/clone-menu/wordpress-wp-clone-menu-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/clone-menu/wordpress-wp-clone-menu-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + 
"integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40209.json b/2023/40xxx/CVE-2023-40209.json index 1ebbdcb0f84..7a1bacca85d 100644 --- a/2023/40xxx/CVE-2023-40209.json +++ b/2023/40xxx/CVE-2023-40209.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Himalaya Saxena", + "product": { + "product_data": [ + { + "product_name": "Highcompress Image Compressor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "6.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/high-compress/wordpress-highcompress-image-compressor-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/high-compress/wordpress-highcompress-image-compressor-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40603.json b/2023/40xxx/CVE-2023-40603.json index 1c707da537b..053dd6706c9 100644 --- a/2023/40xxx/CVE-2023-40603.json +++ b/2023/40xxx/CVE-2023-40603.json 
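Review bot: The affected range in CVE-2023-40209 (`through 6.0.0`, `"version_value": "6.0.0"`) does not match the version in its only reference, whose URL slug reads `highcompress-image-compressor-plugin-4-0-0-...`. The slug may simply be the version current when the advisory was first published, but the record does not say which bound is authoritative. The same mismatch appears in CVE-2023-40672 (2.1 vs `1-4`), CVE-2023-44234 (1.7.08 vs `1-7-05`) and CVE-2023-51413 (1.0.29 vs `1-0-25`). The first three also have no `solution` entry or fixed version, so a consumer cannot tell from the record whether any release is unaffected. The upper bound should be confirmed against the advisory before these ranges are used for inventory matching.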
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through 2.3.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gangesh Matta", + "product": { + "product_data": [ + { + "product_name": "Simple Org Chart", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + 
"confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40672.json b/2023/40xxx/CVE-2023-40672.json index 91a1bc8a91a..e112aab7770 100644 --- a/2023/40xxx/CVE-2023-40672.json +++ b/2023/40xxx/CVE-2023-40672.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hardik Chavada", + "product": { + "product_data": [ + { + "product_name": "Sticky Social Media Icons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/sticky-social-media-icons/wordpress-sticky-social-media-icons-plugin-1-4-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/sticky-social-media-icons/wordpress-sticky-social-media-icons-plugin-1-4-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Nguyen Xuan Chien (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + 
"baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41240.json b/2023/41xxx/CVE-2023-41240.json index 16566ea1696..236321b6d68 100644 --- a/2023/41xxx/CVE-2023-41240.json +++ b/2023/41xxx/CVE-2023-41240.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41240", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vark", + "product": { + "product_data": [ + { + "product_name": "Pricing Deals for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/pricing-deals-for-woocommerce/wordpress-pricing-deals-for-woocommercepricing-deals-for-woocommerce-plugin-2-0-3-2-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/pricing-deals-for-woocommerce/wordpress-pricing-deals-for-woocommercepricing-deals-for-woocommerce-plugin-2-0-3-2-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42883.json b/2023/42xxx/CVE-2023-42883.json index f1b5eddddfc..51952594090 100644 --- a/2023/42xxx/CVE-2023-42883.json +++ b/2023/42xxx/CVE-2023-42883.json @@ -132,6 +132,16 @@ "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214041" }, + { + "url": "https://support.apple.com/kb/HT214034", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214034" + }, + { + "url": "https://support.apple.com/kb/HT214039", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214039" + }, { "url": "http://seclists.org/fulldisclosure/2023/Dec/9", "refsource": "MISC", diff --git a/2023/42xxx/CVE-2023-42890.json b/2023/42xxx/CVE-2023-42890.json index ab99977c4f6..93b8401bc56 100644 --- a/2023/42xxx/CVE-2023-42890.json +++ b/2023/42xxx/CVE-2023-42890.json @@ -127,6 +127,11 @@ "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214041" }, + { + "url": "https://support.apple.com/kb/HT214039", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214039" + }, { "url": "http://seclists.org/fulldisclosure/2023/Dec/9", "refsource": "MISC", diff --git a/2023/42xxx/CVE-2023-42916.json b/2023/42xxx/CVE-2023-42916.json index 725dd82211c..faf1b553438 100644 --- a/2023/42xxx/CVE-2023-42916.json +++ b/2023/42xxx/CVE-2023-42916.json 
@@ -93,6 +93,11 @@ "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214031" }, + { + "url": "https://support.apple.com/kb/HT214033", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214033" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1", "refsource": "MISC", @@ -108,6 +113,11 @@ "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/" }, + { + "url": "https://support.apple.com/kb/HT214034", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214034" + }, { "url": "https://www.debian.org/security/2023/dsa-5575", "refsource": "MISC", diff --git a/2023/42xxx/CVE-2023-42917.json b/2023/42xxx/CVE-2023-42917.json index 76d2921ea61..d5aa23aadb1 100644 --- a/2023/42xxx/CVE-2023-42917.json +++ b/2023/42xxx/CVE-2023-42917.json @@ -93,6 +93,11 @@ "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214031" }, + { + "url": "https://support.apple.com/kb/HT214033", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214033" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1", "refsource": "MISC", @@ -108,6 +113,11 @@ "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/" }, + { + "url": "https://support.apple.com/kb/HT214034", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214034" + }, { "url": "https://www.debian.org/security/2023/dsa-5575", "refsource": "MISC", diff --git a/2023/42xxx/CVE-2023-42950.json b/2023/42xxx/CVE-2023-42950.json index 6f1b54e181c..256559dc02a 100644 --- a/2023/42xxx/CVE-2023-42950.json +++ b/2023/42xxx/CVE-2023-42950.json 
@@ -127,6 +127,11 @@ "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214041" }, + { + "url": "https://support.apple.com/kb/HT214039", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214039" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1", "refsource": "MISC", diff --git a/2023/42xxx/CVE-2023-42956.json b/2023/42xxx/CVE-2023-42956.json index 052ec694b46..eef8e96b009 100644 --- a/2023/42xxx/CVE-2023-42956.json +++ b/2023/42xxx/CVE-2023-42956.json @@ -93,6 +93,11 @@ "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214036" }, + { + "url": "https://support.apple.com/kb/HT214039", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214039" + }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1", "refsource": "MISC", diff --git a/2023/44xxx/CVE-2023-44234.json b/2023/44xxx/CVE-2023-44234.json index 006ada948fa..f733395bc84 100644 --- a/2023/44xxx/CVE-2023-44234.json +++ b/2023/44xxx/CVE-2023-44234.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44234", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bastianon Massimo", + "product": { + "product_data": [ + { + "product_name": "WP GPX Map", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.7.08" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-gpx-maps/wordpress-wp-gpx-maps-plugin-1-7-05-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-gpx-maps/wordpress-wp-gpx-maps-plugin-1-7-05-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + 
"integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47828.json b/2023/47xxx/CVE-2023-47828.json index a8714910637..e78910abc87 100644 --- a/2023/47xxx/CVE-2023-47828.json +++ b/2023/47xxx/CVE-2023-47828.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mandrill", + "product": { + "product_data": [ + { + "product_name": "wpMandrill", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.33" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wpmandrill/wordpress-wpmandrill-plugin-1-33-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wpmandrill/wordpress-wpmandrill-plugin-1-33-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + 
"privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47845.json b/2023/47xxx/CVE-2023-47845.json index 94d956db15a..2008cd2719f 100644 --- a/2023/47xxx/CVE-2023-47845.json +++ b/2023/47xxx/CVE-2023-47845.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47845", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lim Kai Yang", + "product": { + "product_data": [ + { + "product_name": "Grab & Save", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/save-grab/wordpress-grab-save-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/save-grab/wordpress-grab-save-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dimas Maulana (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + 
"integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48280.json b/2023/48xxx/CVE-2023-48280.json index 9e0b57a5b9c..4cfedc8b550 100644 --- a/2023/48xxx/CVE-2023-48280.json +++ b/2023/48xxx/CVE-2023-48280.json 
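Review bot: CVE-2023-47845 is classified as `"cweId": "CWE-352"` (CSRF), while its only reference is an advisory whose slug ends in `broken-access-control-vulnerability`. That is the same slug form used by the CWE-862 records in this commit. The CVSS vector (`PR:N/UI:R`) is consistent with CSRF, so the CWE may be correct and the slug generic. Tooling that groups or prioritises by `cweId` will still treat this record differently from its siblings, so the classification should be confirmed against the advisory text.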
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48280", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Consensu.IO", + "product": { + "product_data": [ + { + "product_name": "Consensu.io", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/consensu-io/wordpress-consensu-io-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/consensu-io/wordpress-consensu-io-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Skalucy (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": 
"HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51413.json b/2023/51xxx/CVE-2023-51413.json index 85ef6b142ce..d8cefd002d5 100644 --- a/2023/51xxx/CVE-2023-51413.json +++ b/2023/51xxx/CVE-2023-51413.json 
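Review bot: The CVE-2023-48280 record spells the product three ways: `"vendor_name": "Consensu.IO"`, `"product_name": "Consensu.io"`, and `Consensu.Io` in the description. Case-sensitive product matching against `affects` can miss or duplicate the entry. A single spelling should be used throughout, ideally the one the plugin itself uses. This is the only record in the commit scored HIGH (7.5, `PR:N/UI:N/I:H`), so a missed match matters more here.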
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnet-forms-plugin-1-0-25-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnet-forms-plugin-1-0-25-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.30 or a higher version." + } + ], + "value": "Update to 1.0.30 or a higher version." 
+ } + ], + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51524.json b/2023/51xxx/CVE-2023-51524.json index 1ceee0a4492..5bf73920a23 100644 --- a/2023/51xxx/CVE-2023-51524.json +++ b/2023/51xxx/CVE-2023-51524.json 
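Review bot: The `affects` block of CVE-2023-51413 is filled with placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`), although the description names Piotnet Forms through 1.0.29 and the `solution` entry gives 1.0.30 as the fixed version. Scanners and SBOM matchers that key on the structured fields will not associate this record with the plugin; only the free text identifies it. The structured entry should follow the sibling records, with `"product_name": "Piotnet Forms"` and `"version_affected": "<=", "version_name": "n/a", "version_value": "1.0.29"`. The vendor name is not stated on the page and would need to come from the advisory.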
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "weForms", + "product": { + "product_data": [ + { + "product_name": "weForms", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.6.19", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.6.18", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-18-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-18-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update 
to 1.6.19 or a higher version." + } + ], + "value": "Update to 1.6.19 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "emad (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51526.json b/2023/51xxx/CVE-2023-51526.json index 49f5f919a57..760e4410602 100644 --- a/2023/51xxx/CVE-2023-51526.json +++ b/2023/51xxx/CVE-2023-51526.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brett Shumaker", + "product": { + "product_data": [ + { + "product_name": "Simple Staff List", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.2.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/simple-staff-list/wordpress-simple-staff-list-plugin-2-2-4-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/simple-staff-list/wordpress-simple-staff-list-plugin-2-2-4-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.5 or a higher version." + } + ], + "value": "Update to 2.2.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51537.json b/2023/51xxx/CVE-2023-51537.json index 866c888d3b1..717146d3b2d 100644 --- a/2023/51xxx/CVE-2023-51537.json +++ b/2023/51xxx/CVE-2023-51537.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Awesome Support Team", + "product": { + "product_data": [ + { + "product_name": "Awesome Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.1.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.1.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-5-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-5-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.1.6 or a higher version." + } + ], + "value": "Update to 6.1.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Brandon Roldan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5090.json b/2023/5xxx/CVE-2023-5090.json index b7c7b7f4a70..c41e5e08b4f 100644 --- a/2023/5xxx/CVE-2023-5090.json +++ b/2023/5xxx/CVE-2023-5090.json @@ -35,6 +35,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.69.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.69.1.rt14.354.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { 
@@ -113,6 +148,16 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:3854", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3854" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3855", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3855" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5090", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6134.json b/2023/6xxx/CVE-2023-6134.json index 106d571b318..fb1a80dfba1 100644 --- a/2023/6xxx/CVE-2023-6134.json +++ b/2023/6xxx/CVE-2023-6134.json @@ -98,7 +98,7 @@ } }, { - "product_name": "Red Hat Single Sign-On 7.0", + "product_name": "Red Hat Single Sign-On 7", "version": { "version_data": [ { diff --git a/2023/6xxx/CVE-2023-6291.json b/2023/6xxx/CVE-2023-6291.json index c32cf142729..1f48e6c9773 100644 --- a/2023/6xxx/CVE-2023-6291.json +++ b/2023/6xxx/CVE-2023-6291.json @@ -98,7 +98,7 @@ } }, { - "product_name": "Red Hat Single Sign-On 7.0", + "product_name": "Red Hat Single Sign-On 7", "version": { "version_data": [ { diff --git a/2023/6xxx/CVE-2023-6356.json b/2023/6xxx/CVE-2023-6356.json index 7c2097a5eab..849515064fb 100644 --- a/2023/6xxx/CVE-2023-6356.json +++ b/2023/6xxx/CVE-2023-6356.json @@ -91,6 +91,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-477.58.1.el8_8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9", "version": { 
@@ -258,6 +279,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1248" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3810", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3810" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6356", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6484.json b/2023/6xxx/CVE-2023-6484.json index 5b8e526c1a9..946ce4fac3f 100644 --- a/2023/6xxx/CVE-2023-6484.json +++ b/2023/6xxx/CVE-2023-6484.json @@ -98,7 +98,7 @@ } }, { - "product_name": "Red Hat Single Sign-On 7.0", + "product_name": "Red Hat Single Sign-On 7", "version": { "version_data": [ { diff --git a/2023/6xxx/CVE-2023-6535.json b/2023/6xxx/CVE-2023-6535.json index b684594fa0e..8a9df0f9930 100644 --- a/2023/6xxx/CVE-2023-6535.json +++ b/2023/6xxx/CVE-2023-6535.json @@ -91,6 +91,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-477.58.1.el8_8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -258,6 +279,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1248" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3810", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3810" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6535", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6536.json b/2023/6xxx/CVE-2023-6536.json index 293ae67b54e..dad58a7554a 100644 --- a/2023/6xxx/CVE-2023-6536.json +++ b/2023/6xxx/CVE-2023-6536.json 
@@ -91,6 +91,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-477.58.1.el8_8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -258,6 +279,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1248" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3810", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3810" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6536", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6927.json b/2023/6xxx/CVE-2023-6927.json index 97d3f36bc80..281aed84949 100644 --- a/2023/6xxx/CVE-2023-6927.json +++ b/2023/6xxx/CVE-2023-6927.json @@ -70,7 +70,7 @@ } }, { - "product_name": "Red Hat Single Sign-On 7.0", + "product_name": "Red Hat Single Sign-On 7", "version": { "version_data": [ { diff --git a/2024/23xxx/CVE-2024-23206.json b/2024/23xxx/CVE-2024-23206.json index d20f933ba3e..afa8325b4e2 100644 --- a/2024/23xxx/CVE-2024-23206.json +++ b/2024/23xxx/CVE-2024-23206.json 
@@ -142,11 +142,26 @@ "refsource": "MISC", "name": "https://support.apple.com/kb/HT214063" }, + { + "url": "https://support.apple.com/kb/HT214059", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214059" + }, { "url": "https://support.apple.com/kb/HT214061", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214061" }, + { + "url": "https://support.apple.com/kb/HT214055", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214055" + }, + { + "url": "https://support.apple.com/kb/HT214056", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214056" + }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/27", "refsource": "MISC", diff --git a/2024/23xxx/CVE-2024-23213.json b/2024/23xxx/CVE-2024-23213.json index 5df9870af77..6cc8eb49a58 100644 --- a/2024/23xxx/CVE-2024-23213.json +++ b/2024/23xxx/CVE-2024-23213.json @@ -142,11 +142,26 @@ "refsource": "MISC", "name": "https://support.apple.com/kb/HT214063" }, + { + "url": "https://support.apple.com/kb/HT214059", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214059" + }, { "url": "https://support.apple.com/kb/HT214061", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214061" }, + { + "url": "https://support.apple.com/kb/HT214055", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214055" + }, + { + "url": "https://support.apple.com/kb/HT214056", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214056" + }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/27", "refsource": "MISC", diff --git a/2024/23xxx/CVE-2024-23214.json b/2024/23xxx/CVE-2024-23214.json index 5972326464f..94791093419 100644 --- a/2024/23xxx/CVE-2024-23214.json +++ b/2024/23xxx/CVE-2024-23214.json 
@@ -86,6 +86,11 @@ "refsource": "MISC", "name": "https://support.apple.com/kb/HT214063" }, + { + "url": "https://support.apple.com/kb/HT214059", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214059" + }, { "url": "https://support.apple.com/kb/HT214061", "refsource": "MISC", diff --git a/2024/23xxx/CVE-2024-23222.json b/2024/23xxx/CVE-2024-23222.json index 95989689a9c..62a75d0dac0 100644 --- a/2024/23xxx/CVE-2024-23222.json +++ b/2024/23xxx/CVE-2024-23222.json @@ -98,6 +98,11 @@ "refsource": "MISC", "name": "https://support.apple.com/kb/HT214063" }, + { + "url": "https://support.apple.com/kb/HT214059", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214059" + }, { "url": "https://support.apple.com/kb/HT214057", "refsource": "MISC", @@ -112,6 +117,16 @@ "url": "https://support.apple.com/kb/HT214061", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214061" + }, + { + "url": "https://support.apple.com/kb/HT214055", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214055" + }, + { + "url": "https://support.apple.com/kb/HT214056", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214056" } ] } diff --git a/2024/23xxx/CVE-2024-23271.json b/2024/23xxx/CVE-2024-23271.json index 8cac19363b0..6b537cf397a 100644 --- a/2024/23xxx/CVE-2024-23271.json +++ b/2024/23xxx/CVE-2024-23271.json @@ -132,10 +132,25 @@ "refsource": "MISC", "name": "https://support.apple.com/kb/HT214060" }, + { + "url": "https://support.apple.com/kb/HT214059", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214059" + }, { "url": "https://support.apple.com/kb/HT214061", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214061" + }, + { + "url": "https://support.apple.com/kb/HT214055", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214055" + }, + { + "url": "https://support.apple.com/kb/HT214056", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT214056" } ] } 
diff --git a/2024/2xxx/CVE-2024-2092.json b/2024/2xxx/CVE-2024-2092.json
index 1a0d1c37c89..a6bb221d273 100644
--- a/2024/2xxx/CVE-2024-2092.json
+++ b/2024/2xxx/CVE-2024-2092.json
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "webtechstreet", + "product": { + "product_data": [ + { + "product_name": "Elementor Addon Elements", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.13.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67790c0b-c078-4955-a175-977a695392fc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67790c0b-c078-4955-a175-977a695392fc?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/twitter/widgets/twitter.php#L712", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/twitter/widgets/twitter.php#L712" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3058768%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3058768%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } 
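Review bot: The `problemtype` entry for CVE-2024-2092 carries the CWE only inside the free-text `value` and has no machine-readable id, unlike the Patchstack records in this commit, which add `"cweId": "CWE-862"` next to the text. Adding `"cweId": "CWE-79"` beside the existing `value` lets consumers group the record by weakness without parsing the string. The `version_data` entry gives only the affected bound (`<=` 1.13.3) and the record has no `solution`, so the fixed release is not stated anywhere in the structured data. The changeset reference URL also repeats empty `sfp_email=&sfph_mail=` parameters that could be trimmed without changing the target.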
diff --git a/2024/2xxx/CVE-2024-2199.json b/2024/2xxx/CVE-2024-2199.json index 747f1017555..43a100bd3a2 100644 --- a/2024/2xxx/CVE-2024-2199.json +++ b/2024/2xxx/CVE-2024-2199.json @@ -35,6 +35,48 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.3.11.1-5.el7_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.4.5-8.el9_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Directory Server 11", "version": { @@ -74,19 +116,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8", "version": { @@ -99,19 +128,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } 
@@ -121,6 +137,16 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:3591", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3591" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3837", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3837" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-2199", "refsource": "MISC", diff --git a/2024/2xxx/CVE-2024-2905.json b/2024/2xxx/CVE-2024-2905.json index e5103761bc7..d7b9d7b5496 100644 --- a/2024/2xxx/CVE-2024-2905.json +++ b/2024/2xxx/CVE-2024-2905.json @@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2024.3-3.el9_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "version": { @@ -69,19 +90,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat OpenShift Container Platform 4", "version": { @@ -108,6 +116,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3401" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3823", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3823" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-2905", "refsource": "MISC", diff --git a/2024/2xxx/CVE-2024-2947.json b/2024/2xxx/CVE-2024-2947.json index 59d8addee7a..079ce4d2e75 100644 --- a/2024/2xxx/CVE-2024-2947.json +++ b/2024/2xxx/CVE-2024-2947.json 
@@ -56,6 +56,41 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:311.2-1.el9_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:311.2-1.el9_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 7", "version": { @@ -68,19 +103,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -95,6 +117,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3667" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3843", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3843" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-2947", "refsource": "MISC", diff --git a/2024/35xxx/CVE-2024-35655.json b/2024/35xxx/CVE-2024-35655.json index 6ff8e4c9883..4b4548e5ed8 100644 --- a/2024/35xxx/CVE-2024-35655.json +++ b/2024/35xxx/CVE-2024-35655.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through 0.6.8." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through 0.6.9." } ] }, 
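Review bot: In the CVE-2024-2947 hunk at `@@ -56,6 +56,41 @@`, the new "Red Hat Enterprise Linux 9" product has two `version_data` entries that are identical, both `"version": "0:311.2-1.el9_4"` with `"lessThan": "*"`. This looks like two packages that share a version and lost their package names in the down-conversion, but nothing in the record lets a consumer tell them apart. Either collapse them into one entry or keep a distinguishing field. As written, tools that count or key on version entries see a duplicate with no added information.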
@@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.6.8" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "7.0.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "0.6.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 7.0.0 or a higher version." + } + ], + "value": "Update to\u00a07.0.0 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/36xxx/CVE-2024-36014.json b/2024/36xxx/CVE-2024-36014.json index 57c69d553c6..ff7b9cb07d9 100644 --- a/2024/36xxx/CVE-2024-36014.json +++ b/2024/36xxx/CVE-2024-36014.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "8cbc5caf36ef", - "version_value": "b77620730f61" + "version_value": "e4b52d493833" }, { "version_value": "not down converted", @@ -57,6 +57,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.8.12", "lessThanOrEqual": "6.8.*", 
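Review bot: In the CVE-2024-35655 hunks at `@@ -40,9 +40,24 @@` and `@@ -68,6 +83,19 @@`, the fixed version is `7.0.0` while the affected range ends at `"lessThanOrEqual": "0.6.9"`. That is a large jump with `"versionType": "custom"`, and it may be a typo for an adjacent release, so please confirm it against the vendor changelog before consumers start treating everything below 7.0.0 as unpatched. The `solution` text also differs between its two copies: `value` contains a non-breaking space (`"Update to\u00a07.0.0 or a higher version."`) while `supportingMedia` uses a normal space. Normalising it to `"value": "Update to 7.0.0 or a higher version."` keeps string matching and display consistent.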
@@ -90,6 +102,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07" + }, + { + "url": "https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5" + }, { "url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d", "refsource": "MISC", diff --git a/2024/36xxx/CVE-2024-36015.json b/2024/36xxx/CVE-2024-36015.json index 2aac55c6e46..3eed3afb134 100644 --- a/2024/36xxx/CVE-2024-36015.json +++ b/2024/36xxx/CVE-2024-36015.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "9a69645dde11", - "version_value": "fbf740aeb86a" + "version_value": "df9329247dbb" }, { "version_value": "not down converted", @@ -57,6 +57,24 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10-rc1", "lessThanOrEqual": "*", 
@@ -78,6 +96,21 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828" + }, + { + "url": "https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57" + }, + { + "url": "https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39" + }, { "url": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e", "refsource": "MISC", diff --git a/2024/36xxx/CVE-2024-36016.json b/2024/36xxx/CVE-2024-36016.json index c20e8033cfc..5481d587db3 100644 --- a/2024/36xxx/CVE-2024-36016.json +++ b/2024/36xxx/CVE-2024-36016.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "e1eaea46bb40", - "version_value": "f126ce7305fe" + "version_value": "46f52c89a7e7" }, { "version_value": "not down converted", @@ -57,6 +57,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.8.12", "lessThanOrEqual": "6.8.*", 
@@ -90,6 +102,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc" + }, + { + "url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350" + }, { "url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3", "refsource": "MISC", diff --git a/2024/36xxx/CVE-2024-36968.json b/2024/36xxx/CVE-2024-36968.json index 547e4253cde..3a81380503e 100644 --- a/2024/36xxx/CVE-2024-36968.json +++ b/2024/36xxx/CVE-2024-36968.json @@ -75,6 +75,12 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10-rc1", "lessThanOrEqual": "*", @@ -111,6 +117,11 @@ "refsource": "MISC", "name": "https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30" }, + { + "url": "https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8" + }, { "url": "https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44", "refsource": "MISC", diff --git a/2024/36xxx/CVE-2024-36971.json b/2024/36xxx/CVE-2024-36971.json index e87c729b50f..18c919586d9 100644 --- a/2024/36xxx/CVE-2024-36971.json +++ b/2024/36xxx/CVE-2024-36971.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "a87cb3e48ee8", - "version_value": "92f1655aa2b2" + "version_value": "b8af8e6118a6" }, { "version_value": "not down converted", 
@@ -57,6 +57,12 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10-rc2", "lessThanOrEqual": "*", @@ -78,6 +84,11 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc" + }, { "url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e", "refsource": "MISC", diff --git a/2024/36xxx/CVE-2024-36972.json b/2024/36xxx/CVE-2024-36972.json index e5bdd3d82c5..6e13fda59d4 100644 --- a/2024/36xxx/CVE-2024-36972.json +++ b/2024/36xxx/CVE-2024-36972.json @@ -38,10 +38,20 @@ "product_name": "Linux", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "e0e09186d882", + "version_value": "4bf6964451c3" + }, + { + "version_affected": "<", + "version_name": "b74aa9ce13d0", + "version_value": "d59ae9314b97" + }, { "version_affected": "<", "version_name": "1279f9d9dec2", - "version_value": "9841991a446c" + "version_value": "4708f49add84" }, { "version_value": "not down converted", @@ -57,6 +67,24 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.93", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.33", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.4", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10-rc1", "lessThanOrEqual": "*", 
@@ -78,6 +106,21 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1" + }, + { + "url": "https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636" + }, + { + "url": "https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3" + }, { "url": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2", "refsource": "MISC", diff --git a/2024/38xxx/CVE-2024-38266.json b/2024/38xxx/CVE-2024-38266.json new file mode 100644 index 00000000000..fad3a542ba4 --- /dev/null +++ b/2024/38xxx/CVE-2024-38266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38267.json b/2024/38xxx/CVE-2024-38267.json new file mode 100644 index 00000000000..ac066dbf560 --- /dev/null +++ b/2024/38xxx/CVE-2024-38267.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38267",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38268.json b/2024/38xxx/CVE-2024-38268.json
new file mode 100644
index 00000000000..f142d59c50f
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38268.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38268",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38269.json b/2024/38xxx/CVE-2024-38269.json
new file mode 100644
index 00000000000..206bc6ecb9f
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38269.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38269",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38270.json b/2024/38xxx/CVE-2024-38270.json
new file mode 100644
index 00000000000..6029dfcfd3b
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38270.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38270",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38271.json b/2024/38xxx/CVE-2024-38271.json
new file mode 100644
index 00000000000..4ce3c5e4e2d
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38271.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38271",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38272.json b/2024/38xxx/CVE-2024-38272.json
new file mode 100644
index 00000000000..c0f2c83a78d
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38272.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38272", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3657.json b/2024/3xxx/CVE-2024-3657.json index fbe9e94c0e0..455419db2a6 100644 --- a/2024/3xxx/CVE-2024-3657.json +++ b/2024/3xxx/CVE-2024-3657.json @@ -35,6 +35,48 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.3.11.1-5.el7_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.4.5-8.el9_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Directory Server 11", "version": { @@ -74,19 +116,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8", "version": { 
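Review bot: The Red Hat Enterprise Linux 7 and 9 entries added in the `@@ -35,6 +35,48 @@` hunk of CVE-2024-3657.json give a fixed build (`0:1.3.11.1-5.el7_9`, `0:2.4.5-8.el9_4`) but no package name in the visible lines, and the legacy `version_value` stays `"not down converted"`. A consumer reading only the JSON 4 fields therefore sees no fixed version, and one reading `x_cve_json_5_version_data` has to take the package from the advisories added to `reference_data` (RHSA-2024:3591, RHSA-2024:3837). The strings carry an rpm epoch (`0:`) with `"versionType": "rpm"`, so they need rpm epoch-version-release comparison, not string or semver ordering. With `"lessThan": "*"` and `"status": "unaffected"` under `"defaultStatus": "affected"`, the listed build should be read as the first fixed one.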
@@ -99,19 +128,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -121,6 +137,16 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:3591", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3591" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3837", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3837" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-3657", "refsource": "MISC", diff --git a/2024/4xxx/CVE-2024-4845.json b/2024/4xxx/CVE-2024-4845.json index 5cc8a621542..86a843d996b 100644 --- a/2024/4xxx/CVE-2024-4845.json +++ b/2024/4xxx/CVE-2024-4845.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4845", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the \u2018options[list_id]\u2019 parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "icegram", + "product": { + "product_data": [ + { + "product_name": "Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.7.22" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21be2215-8ce0-438e-94e0-6a350b8cc952?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21be2215-8ce0-438e-94e0-6a350b8cc952?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3098321/email-subscribers", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3098321/email-subscribers" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Arkadiusz Hydzik" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/5xxx/CVE-2024-5898.json b/2024/5xxx/CVE-2024-5898.json new file mode 100644 index 00000000000..794e3b6298d --- /dev/null +++ b/2024/5xxx/CVE-2024-5898.json 
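Review bot: The `problemtype` entry added for CVE-2024-4845 carries the CWE only as free text (`"value": "CWE-89 Improper Neutralization ..."`) with no machine-readable identifier, so tooling that groups or filters records by CWE id has to parse the string. Adding `"cweId": "CWE-89"` next to `value` would fix that. The `affects` block states `<=` 5.7.22 with `"version_name": "*"` and names no fixed release, so the only pointer to the fix is the plugins.trac.wordpress.org changeset in `reference_data`, and a consumer should not infer the first fixed version from this record alone. The record also mixes `"lang": "eng"` (description, problemtype) with `"lang": "en"` (credits), which language-keyed consumers need to normalise.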
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5898",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5899.json b/2024/5xxx/CVE-2024-5899.json
new file mode 100644
index 00000000000..7363685c169
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5899.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5899",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5900.json b/2024/5xxx/CVE-2024-5900.json
new file mode 100644
index 00000000000..b4710ca63c2
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5900.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5900",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5901.json b/2024/5xxx/CVE-2024-5901.json
new file mode 100644
index 00000000000..e83a7d20f32
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5901.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5901",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file