From 098416b0c93a7e3457f99c7b4a130966f5baa470 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 16 Jan 2025 02:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/10xxx/CVE-2024-10401.json | 8 +--
 2024/10xxx/CVE-2024-10970.json | 80 +++++++++++++++++++++++--
 2024/13xxx/CVE-2024-13450.json | 18 ++++++
 2024/13xxx/CVE-2024-13451.json | 18 ++++++
 2025/0xxx/CVE-2025-0170.json | 76 ++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0455.json | 103 +++++++++++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0456.json | 103 +++++++++++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0457.json | 103 +++++++++++++++++++++++++++++++--
 8 files changed, 485 insertions(+), 24 deletions(-)
 create mode 100644 2024/13xxx/CVE-2024-13450.json
 create mode 100644 2024/13xxx/CVE-2024-13451.json
diff --git a/2024/10xxx/CVE-2024-10401.json b/2024/10xxx/CVE-2024-10401.json
index 1afd17bfb8a..9d263de66c9 100644
--- a/2024/10xxx/CVE-2024-10401.json
+++ b/2024/10xxx/CVE-2024-10401.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
  "data_type": "CVE",
  "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
  "ID": "CVE-2024-10401",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "REJECT"
  },
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
  }
  ]
  }
diff --git a/2024/10xxx/CVE-2024-10970.json b/2024/10xxx/CVE-2024-10970.json
index 00fbdca49bd..f3a14d615dd 100644
--- a/2024/10xxx/CVE-2024-10970.json
+++ b/2024/10xxx/CVE-2024-10970.json
@@ -1,17 +1,89 @@
 {
+ "data_version": "4.0",
  "data_type": "CVE",
  "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
  "ID": "CVE-2024-10970",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
  },
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The The Motors \u2013 Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "stylemix",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Motors \u2013 Car Dealer, Classifieds & Listing",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.4.43"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc58c679-3e87-4bcc-b1bc-718ae52c291a?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc58c679-3e87-4bcc-b1bc-718ae52c291a?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.42/includes/functions.php#L939",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.42/includes/functions.php#L939"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Gregory Stewart"
+ },
+ {
+ "lang": "en",
+ "value": "Chance"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
  }
  ]
  }
diff --git a/2024/13xxx/CVE-2024-13450.json b/2024/13xxx/CVE-2024-13450.json
new file mode 100644
index 00000000000..91747c516d7
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13450.json
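Review bot: The published CVE-2024-10970 record names no fixed release: `version_data` marks everything `<=` `1.4.43` as affected, and the only source reference points at `tags/1.4.42/includes/functions.php#L939`, so a consumer of this file cannot tell which version to upgrade to. If the assigner has a patched version or changeset, it belongs in `references` or a `solution` entry; whether one exists is not visible here, and until it is recorded tooling has to treat every install at or below 1.4.43 as vulnerable. The description also opens with a duplicated word (`"The The Motors …"`), which is upstream CNA text and should be corrected at the source rather than in this sync. The CVE-2025-0170 hunk has the same gap: affected `<=` `3.3.3` with no fixed version listed.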
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13450",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13451.json b/2024/13xxx/CVE-2024-13451.json
new file mode 100644
index 00000000000..0db30df9cfb
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13451.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13451",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0170.json b/2025/0xxx/CVE-2025-0170.json
index 5fce99df315..eba074aa948 100644
--- a/2025/0xxx/CVE-2025-0170.json
+++ b/2025/0xxx/CVE-2025-0170.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
  "data_type": "CVE",
  "data_format": "MITRE",
- "data_version": "4.0",
  "CVE_data_meta": {
  "ID": "CVE-2025-0170",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
  },
  "description": {
  "description_data": [
  {
  "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "scriptsbundle",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DWT - Directory & Listing WordPress Theme",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d607e7c0-7812-4c77-a763-6095677b3525?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d607e7c0-7812-4c77-a763-6095677b3525?source=cve"
+ },
+ {
+ "url": "https://scriptsbundle.gitbook.io/dwt-directory-and-listing-wordpress-theme",
+ "refsource": "MISC",
+ "name": "https://scriptsbundle.gitbook.io/dwt-directory-and-listing-wordpress-theme"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Istv\u00e1n M\u00e1rton"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
  }
  ]
  }
diff --git a/2025/0xxx/CVE-2025-0455.json b/2025/0xxx/CVE-2025-0455.json
index 059b6a960c9..5421c55aa89 100644
--- a/2025/0xxx/CVE-2025-0455.json
+++ b/2025/0xxx/CVE-2025-0455.json
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0455", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetVision Information", + "product": { + "product_data": [ + { + "product_name": "airPASS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.0", + "version_value": "2.9.0.241231" + }, + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.0.0.241231" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-8357-28308-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-8357-28308-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-8358-143bc-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-8358-143bc-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202501001", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.
For v3.0.0.x, please update to version 3.0.0.241231 or later.\n\n
" + } + ], + "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.\nFor v3.0.0.x, please update to version 3.0.0.241231 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0456.json b/2025/0xxx/CVE-2025-0456.json index 26e4a971e8f..35a19a88982 100644 --- a/2025/0xxx/CVE-2025-0456.json +++ b/2025/0xxx/CVE-2025-0456.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetVision Information", + "product": { + "product_data": [ + { + "product_name": "airPASS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.0", + "version_value": "2.9.0.241231" + }, + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.0.0.241231" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-8359-53aa7-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-8359-53aa7-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-8360-e97b8-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-8360-e97b8-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202501002", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + 
"base64": false, + "type": "text/html", + "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.
For v3.0.0.x, please update to version 3.0.0.241231 or later.\n\n
" + } + ], + "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.\nFor v3.0.0.x, please update to version 3.0.0.241231 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0457.json b/2025/0xxx/CVE-2025-0457.json index 40d23722d1a..576eccf9216 100644 --- a/2025/0xxx/CVE-2025-0457.json +++ b/2025/0xxx/CVE-2025-0457.json 
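Review bot: The `solution` entry for CVE-2025-0456 covers only the upgrade, while the description states that unauthenticated remote attackers can retrieve all accounts and passwords. Updating closes the unauthenticated path but does not undo a disclosure that may already have happened, so operators acting on this record should treat airPASS credentials as exposed and reset them after patching; a sentence such as `"After updating, reset all airPASS account passwords."` in `solution` would make that explicit. The description also carries a stray asterisk (`"to retrieve * all accounts and passwords"`). Both are upstream CNA text, so the correction belongs with the assigner rather than in this sync commit.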
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetVision Information", + "product": { + "product_data": [ + { + "product_name": "airPASS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.0", + "version_value": "2.9.0.241231" + }, + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.0.0.241231" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-8361-ff3fb-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-8361-ff3fb-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-8362-efb33-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-8362-efb33-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202501003", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { 
+ "base64": false, + "type": "text/html", + "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.
For v3.0.0.x, please update to version 3.0.0.241231 or later.\n\n
" + } + ], + "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.\nFor v3.0.0.x, please update to version 3.0.0.241231 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] }