"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2024-05-16 22:00:32 +00:00 · 2024-05-16 22:00:32 +00:00 · 0bbd64c368
commit 0bbd64c368
parent 3306d3d078
11 changed files with 147 additions and 11 deletions
--- a/2021/37xxx/CVE-2021-37384.json
+++ b/2021/37xxx/CVE-2021-37384.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A remote command execution (RCE) vulnerability in the web interface component of Furukawa Electric LatAM 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors."
+                "value": "RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface."
            }
        ]
    },
--- a/2022/48xxx/CVE-2022-48197.json
+++ b/2022/48xxx/CVE-2022-48197.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+                "value": "** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            }
        ]
    },
@ -66,6 +66,21 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html",
                "url": "http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://literatejava.com/security/is-it-really-a-cve-reported-xss-in-yui-2-8-2/",
+                "url": "https://literatejava.com/security/is-it-really-a-cve-reported-xss-in-yui-2-8-2/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/yui/yui2/blob/yui2-2.8.2-8/sandbox/treeview/inc-rightbar.php",
+                "url": "https://github.com/yui/yui2/blob/yui2-2.8.2-8/sandbox/treeview/inc-rightbar.php"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/ryan412/CVE-2022-48197",
+                "url": "https://github.com/ryan412/CVE-2022-48197"
            }
        ]
    }
--- a/2023/31xxx/CVE-2023-31972.json
+++ b/2023/31xxx/CVE-2023-31972.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c."
+                "value": "** DISPUTED ** yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
            }
        ]
    },
--- a/2023/31xxx/CVE-2023-31973.json
+++ b/2023/31xxx/CVE-2023-31973.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c."
+                "value": "** DISPUTED ** yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
            }
        ]
    },
--- a/2023/31xxx/CVE-2023-31974.json
+++ b/2023/31xxx/CVE-2023-31974.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c."
+                "value": "** DISPUTED ** yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
            }
        ]
    },
--- a/2023/31xxx/CVE-2023-31975.json
+++ b/2023/31xxx/CVE-2023-31975.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c."
+                "value": "** DISPUTED ** yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy."
            }
        ]
    },
--- a/2023/37xxx/CVE-2023-37152.json
+++ b/2023/37xxx/CVE-2023-37152.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page."
+                "value": "** DISPUTED ** Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability."
            }
        ]
    },
--- a/2024/3xxx/CVE-2024-3134.json
+++ b/2024/3xxx/CVE-2024-3134.json
@ -1,17 +1,84 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-3134",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@wordfence.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "litonice13",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "*",
+                                            "version_value": "2.0.6.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6106c972-5475-4c19-8630-3a01edc616ad?source=cve",
+                "refsource": "MISC",
+                "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6106c972-5475-4c19-8630-3a01edc616ad?source=cve"
+            },
+            {
+                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3087193%40master-addons%2Ftrunk&old=3078134%40master-addons%2Ftrunk&sfp_email=&sfph_mail=",
+                "refsource": "MISC",
+                "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3087193%40master-addons%2Ftrunk&old=3078134%40master-addons%2Ftrunk&sfp_email=&sfph_mail="
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Jo\u00e3o G. Barbosa"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+                "baseScore": 6.4,
+                "baseSeverity": "MEDIUM"
            }
        ]
    }
--- a/2024/5xxx/CVE-2024-5034.json
+++ b/2024/5xxx/CVE-2024-5034.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-5034",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2024/5xxx/CVE-2024-5035.json
+++ b/2024/5xxx/CVE-2024-5035.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-5035",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2024/5xxx/CVE-2024-5036.json
+++ b/2024/5xxx/CVE-2024-5036.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-5036",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}