From 0d23346775bc386a0da5ec5ce813ab3a2671c28b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 2 Dec 2024 14:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12015.json | 78 ++++++++++++++++++++-- 2024/12xxx/CVE-2024-12016.json | 18 ++++++ 2024/12xxx/CVE-2024-12017.json | 18 ++++++ 2024/37xxx/CVE-2024-37094.json | 8 +-- 2024/51xxx/CVE-2024-51636.json | 8 +-- 2024/52xxx/CVE-2024-52457.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52458.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52459.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52460.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52461.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52462.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52463.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52464.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52465.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52466.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52467.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52468.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52469.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52476.json | 113 ++++++++++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52477.json | 113 ++++++++++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52478.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52479.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52482.json | 113 ++++++++++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52483.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52484.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52486.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52487.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52489.json | 113 ++++++++++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52491.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52492.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52493.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52494.json | 84 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52502.json | 85 ++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52503.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53105.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53106.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53107.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53108.json | 93 +++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53109.json | 103 +++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53110.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53111.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53112.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53113.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53114.json | 82 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53115.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53116.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53117.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53118.json | 92 ++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53119.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53120.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53121.json | 114 +++++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53707.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53708.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53709.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53710.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53711.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53712.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53713.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53714.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53715.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53716.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53717.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53718.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53719.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53720.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53721.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53722.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53723.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53724.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53725.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53726.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53727.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53728.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53729.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53741.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53751.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53753.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53754.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53755.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53759.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53761.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53762.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53765.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53769.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53770.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53775.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53776.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53777.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53779.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53780.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53781.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53782.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53784.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53789.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53792.json | 85 ++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53793.json | 85 ++++++++++++++++++++++-- 96 files changed, 7875 insertions(+), 376 deletions(-) create mode 100644 2024/12xxx/CVE-2024-12016.json create mode 100644 2024/12xxx/CVE-2024-12017.json diff --git a/2024/12xxx/CVE-2024-12015.json b/2024/12xxx/CVE-2024-12015.json index 01dcc68783c..d2dbb24bcea 100644 --- a/2024/12xxx/CVE-2024-12015.json +++ b/2024/12xxx/CVE-2024-12015.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WeDevs", + "product": { + "product_data": [ + { + "product_name": "WP Project Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2024-47", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2024-47" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12016.json b/2024/12xxx/CVE-2024-12016.json new file mode 100644 index 00000000000..4e7eedebed5 --- /dev/null +++ b/2024/12xxx/CVE-2024-12016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12017.json b/2024/12xxx/CVE-2024-12017.json new file mode 100644 index 00000000000..4d1a6f90046 --- /dev/null +++ b/2024/12xxx/CVE-2024-12017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37094.json b/2024/37xxx/CVE-2024-37094.json index ba36f711192..29f12337cb3 100644 --- a/2024/37xxx/CVE-2024-37094.json +++ b/2024/37xxx/CVE-2024-37094.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through 3.2.12." + "value": "Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects MasterStudy LMS: from n/a through 3.2.12." } ] }, @@ -105,17 +105,17 @@ "impact": { "cvss": [ { - "baseScore": 8.2, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", - "baseSeverity": "HIGH", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" } ] diff --git a/2024/51xxx/CVE-2024-51636.json b/2024/51xxx/CVE-2024-51636.json index 5be9e0e86bd..f49f44a7bab 100644 --- a/2024/51xxx/CVE-2024-51636.json +++ b/2024/51xxx/CVE-2024-51636.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS).This issue affects GMO Social Connection: from n/a through 1.2." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS).\n\nThis issue affects GMO Social Connection: from n/a through 1.2." } ] }, @@ -77,17 +77,17 @@ "impact": { "cvss": [ { - "baseScore": 7.1, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "baseSeverity": "HIGH", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } ] diff --git a/2024/52xxx/CVE-2024-52457.json b/2024/52xxx/CVE-2024-52457.json index 458850a30e6..85a5717a580 100644 --- a/2024/52xxx/CVE-2024-52457.json +++ b/2024/52xxx/CVE-2024-52457.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Youneeq Youneeq Recommendations allows Reflected XSS.This issue affects Youneeq Recommendations: from n/a through 3.0.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Youneeq", + "product": { + "product_data": [ + { + "product_name": "Youneeq Recommendations", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/youneeq-panel/vulnerability/wordpress-youneeq-recommendations-plugin-3-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/youneeq-panel/vulnerability/wordpress-youneeq-recommendations-plugin-3-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52458.json b/2024/52xxx/CVE-2024-52458.json index 00aea3f5c06..9a7de46dd15 100644 --- a/2024/52xxx/CVE-2024-52458.json +++ b/2024/52xxx/CVE-2024-52458.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52458", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Templines TM Islamic Helper allows Reflected XSS.This issue affects TM Islamic Helper: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Templines", + "product": { + "product_data": [ + { + "product_name": "TM Islamic Helper", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tm-islamic-helper/vulnerability/wordpress-tm-islamic-helper-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/tm-islamic-helper/vulnerability/wordpress-tm-islamic-helper-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52459.json b/2024/52xxx/CVE-2024-52459.json index 9369b922842..8b5bc58121b 100644 --- a/2024/52xxx/CVE-2024-52459.json +++ b/2024/52xxx/CVE-2024-52459.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52459", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chameleoni.com Chameleoni Jobs allows Reflected XSS.This issue affects Chameleoni Jobs: from n/a through 2.5.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Chameleoni.com", + "product": { + "product_data": [ + { + "product_name": "Chameleoni Jobs", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/chameleon-jobs/vulnerability/wordpress-chameleoni-jobs-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/chameleon-jobs/vulnerability/wordpress-chameleoni-jobs-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52460.json b/2024/52xxx/CVE-2024-52460.json index 7beb9f1d1a7..55ebd34ff0b 100644 --- a/2024/52xxx/CVE-2024-52460.json +++ b/2024/52xxx/CVE-2024-52460.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52460", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AtaraPay AtaraPay WooCommerce Payment Gateway allows Reflected XSS.This issue affects AtaraPay WooCommerce Payment Gateway: from n/a through 2.0.13." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AtaraPay", + "product": { + "product_data": [ + { + "product_name": "AtaraPay WooCommerce Payment Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/atarapay-woocommerce/vulnerability/wordpress-atarapay-woocommerce-payment-gateway-plugin-2-0-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/atarapay-woocommerce/vulnerability/wordpress-atarapay-woocommerce-payment-gateway-plugin-2-0-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52461.json b/2024/52xxx/CVE-2024-52461.json index 42b4fe83911..7f1b52074c9 100644 --- a/2024/52xxx/CVE-2024-52461.json +++ b/2024/52xxx/CVE-2024-52461.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS.This issue affects Infinite Slider: from n/a through 2.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kinsta WordPress Hosting", + "product": { + "product_data": [ + { + "product_name": "Infinite Slider", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/infinite-slider/vulnerability/wordpress-infinite-slider-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/infinite-slider/vulnerability/wordpress-infinite-slider-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52462.json b/2024/52xxx/CVE-2024-52462.json index e82c2626f0d..db5c88bf59d 100644 --- a/2024/52xxx/CVE-2024-52462.json +++ b/2024/52xxx/CVE-2024-52462.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52462", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Reflected XSS.This issue affects WP e-Commerce Style Email: from n/a through 0.6.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jacob Schwartz", + "product": { + "product_data": [ + { + "product_name": "WP e-Commerce Style Email", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-e-commerce-style-email/vulnerability/wordpress-wp-e-commerce-style-email-plugin-0-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wp-e-commerce-style-email/vulnerability/wordpress-wp-e-commerce-style-email-plugin-0-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52463.json b/2024/52xxx/CVE-2024-52463.json index 47d8f9993ae..1e7712a6399 100644 --- a/2024/52xxx/CVE-2024-52463.json +++ b/2024/52xxx/CVE-2024-52463.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kat Hagan Post By Email allows Reflected XSS.This issue affects Post By Email: from n/a through 1.0.4b." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kat Hagan", + "product": { + "product_data": [ + { + "product_name": "Post By Email", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.4b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/post-by-email/vulnerability/wordpress-post-by-email-plugin-1-0-4b-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/post-by-email/vulnerability/wordpress-post-by-email-plugin-1-0-4b-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52464.json b/2024/52xxx/CVE-2024-52464.json index 51a7dd04529..6b72b44c074 100644 --- a/2024/52xxx/CVE-2024-52464.json +++ b/2024/52xxx/CVE-2024-52464.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through 1.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "anmari", + "product": { + "product_data": [ + { + "product_name": "amr shortcodes", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/amr-shortcodes/vulnerability/wordpress-amr-shortcodes-plugin-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/amr-shortcodes/vulnerability/wordpress-amr-shortcodes-plugin-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52465.json b/2024/52xxx/CVE-2024-52465.json index 888f1c79ccd..defddaee9d9 100644 --- a/2024/52xxx/CVE-2024-52465.json +++ b/2024/52xxx/CVE-2024-52465.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 LGPD Framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through 2.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Data443", + "product": { + "product_data": [ + { + "product_name": "LGPD Framework", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/lgpd-framework/vulnerability/wordpress-lgpd-framework-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/lgpd-framework/vulnerability/wordpress-lgpd-framework-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52466.json b/2024/52xxx/CVE-2024-52466.json index 4108a4a729c..d4bde371a0b 100644 --- a/2024/52xxx/CVE-2024-52466.json +++ b/2024/52xxx/CVE-2024-52466.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events allows Reflected XSS.This issue affects Explara Events: from n/a through 0.1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Explara", + "product": { + "product_data": [ + { + "product_name": "Explara Events", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/explara-events/vulnerability/wordpress-explara-events-plugin-0-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/explara-events/vulnerability/wordpress-explara-events-plugin-0-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52467.json b/2024/52xxx/CVE-2024-52467.json index 4b20dc2d9d2..b426ef31bf9 100644 --- a/2024/52xxx/CVE-2024-52467.json +++ b/2024/52xxx/CVE-2024-52467.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Responsive Gallery Album allows Reflected XSS.This issue affects AI Responsive Gallery Album: from n/a through 1.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "August Infotech", + "product": { + "product_data": [ + { + "product_name": "AI Responsive Gallery Album", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ai-responsive-gallery-album/vulnerability/wordpress-ai-responsive-gallery-album-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/ai-responsive-gallery-album/vulnerability/wordpress-ai-responsive-gallery-album-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52468.json b/2024/52xxx/CVE-2024-52468.json index c66befcd6c7..536bb67b9be 100644 --- a/2024/52xxx/CVE-2024-52468.json +++ b/2024/52xxx/CVE-2024-52468.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52468", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through 1.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LeadBoxer", + "product": { + "product_data": [ + { + "product_name": "LeadBoxer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/leadboxer/vulnerability/wordpress-leadboxer-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/leadboxer/vulnerability/wordpress-leadboxer-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52469.json b/2024/52xxx/CVE-2024-52469.json index ddc89d363db..f57ad7369d3 100644 --- a/2024/52xxx/CVE-2024-52469.json +++ b/2024/52xxx/CVE-2024-52469.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52469", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhrubok Infotech WooCommerce Price Alert allows Reflected XSS.This issue affects WooCommerce Price Alert: from n/a through 1.0.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dhrubok Infotech", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Price Alert", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/price-alert-woocommerce/vulnerability/wordpress-woocommerce-price-alert-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/price-alert-woocommerce/vulnerability/wordpress-woocommerce-price-alert-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52476.json b/2024/52xxx/CVE-2024-52476.json index 38b432576c6..4d5e8b2066c 100644 --- a/2024/52xxx/CVE-2024-52476.json +++ b/2024/52xxx/CVE-2024-52476.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "stefanbohacek", + "product": { + "product_data": [ + { + "product_name": "Fediverse Embeds", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.5.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.5.4", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fediverse-embeds/vulnerability/wordpress-fediverse-embeds-plugin-1-5-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/fediverse-embeds/vulnerability/wordpress-fediverse-embeds-plugin-1-5-3-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Fediverse Embeds plugin to the latest available version (at least 1.5.4)." + } + ], + "value": "Update the WordPress Fediverse Embeds plugin to the latest available version (at least 1.5.4)." + } + ], + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 10, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseSeverity": "CRITICAL", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52477.json b/2024/52xxx/CVE-2024-52477.json index 7eea5a32f29..04b24b42d8a 100644 --- a/2024/52xxx/CVE-2024-52477.json +++ b/2024/52xxx/CVE-2024-52477.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through 1.6.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "No-nonsense Labs", + "product": { + "product_data": [ + { + "product_name": "Document & Data Automation", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.6.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.6.2", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/document-data-automation/vulnerability/wordpress-document-data-automation-plugin-1-6-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/document-data-automation/vulnerability/wordpress-document-data-automation-plugin-1-6-1-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Document & Data Automation plugin to the latest available version (at least 1.6.2)." + } + ], + "value": "Update the WordPress Document & Data Automation plugin to the latest available version (at least 1.6.2)." + } + ], + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52478.json b/2024/52xxx/CVE-2024-52478.json index 47dd67412a5..4f469ce992d 100644 --- a/2024/52xxx/CVE-2024-52478.json +++ b/2024/52xxx/CVE-2024-52478.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ben Marshall", + "product": { + "product_data": [ + { + "product_name": "Jobify - Job Board WordPress Theme", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/theme/jobify/vulnerability/wordpress-jobify-theme-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/theme/jobify/vulnerability/wordpress-jobify-theme-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Ananda Dhakal (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52479.json b/2024/52xxx/CVE-2024-52479.json index aac69b566bf..2ff25f2e087 100644 --- a/2024/52xxx/CVE-2024-52479.json +++ b/2024/52xxx/CVE-2024-52479.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52479", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ben Marshall", + "product": { + "product_data": [ + { + "product_name": "Jobify - Job Board WordPress Theme", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/theme/jobify/vulnerability/wordpress-jobify-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/theme/jobify/vulnerability/wordpress-jobify-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Ananda Dhakal (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52482.json b/2024/52xxx/CVE-2024-52482.json index 758fa66eb67..e019fd7f147 100644 --- a/2024/52xxx/CVE-2024-52482.json +++ b/2024/52xxx/CVE-2024-52482.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ortto Ortto allows Reflected XSS.This issue affects Ortto: from n/a through 1.0.19." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ortto", + "product": { + "product_data": [ + { + "product_name": "Ortto", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.19", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.21", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/autopilot/vulnerability/wordpress-ortto-plugin-1-0-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/autopilot/vulnerability/wordpress-ortto-plugin-1-0-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Ortto plugin to the latest available version (at least 1.0.21)." + } + ], + "value": "Update the WordPress Ortto plugin to the latest available version (at least 1.0.21)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52483.json b/2024/52xxx/CVE-2024-52483.json index 6d67ad59ba1..6b164009a20 100644 --- a/2024/52xxx/CVE-2024-52483.json +++ b/2024/52xxx/CVE-2024-52483.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Igor Beni\u0107 LeanPress allows Reflected XSS.This issue affects LeanPress: from n/a through 1.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Igor Beni\u0107", + "product": { + "product_data": [ + { + "product_name": "LeanPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/leanpress/vulnerability/wordpress-leanpress-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/leanpress/vulnerability/wordpress-leanpress-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Zlrqh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52484.json b/2024/52xxx/CVE-2024-52484.json index ee69c73567b..b632243932a 100644 --- a/2024/52xxx/CVE-2024-52484.json +++ b/2024/52xxx/CVE-2024-52484.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52484", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasish Manna Wc Recently viewed products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Subhasish Manna", + "product": { + "product_data": [ + { + "product_name": "Wc Recently viewed products", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-recently-viewed-products/vulnerability/wordpress-wc-recently-viewed-products-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wc-recently-viewed-products/vulnerability/wordpress-wc-recently-viewed-products-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Muhamad Agil Fachrian (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52486.json b/2024/52xxx/CVE-2024-52486.json index 5d1dcf3bfb2..a3330e19a14 100644 --- a/2024/52xxx/CVE-2024-52486.json +++ b/2024/52xxx/CVE-2024-52486.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolverWP", + "product": { + "product_data": [ + { + "product_name": "Elementor Portfolio Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/portfolio-builder-elementor/vulnerability/wordpress-elementor-portfolio-builder-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/portfolio-builder-elementor/vulnerability/wordpress-elementor-portfolio-builder-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gab (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52487.json b/2024/52xxx/CVE-2024-52487.json index 6a54cdb9c5f..8dae94ba4c3 100644 --- a/2024/52xxx/CVE-2024-52487.json +++ b/2024/52xxx/CVE-2024-52487.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through 1.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WebCodingPlace", + "product": { + "product_data": [ + { + "product_name": "Ultimate Classified Listings", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ultimate-classified-listings/vulnerability/wordpress-ultimate-classified-listings-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/ultimate-classified-listings/vulnerability/wordpress-ultimate-classified-listings-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Fariq Fadillah Gusti Insani (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52489.json b/2024/52xxx/CVE-2024-52489.json index 63f17a0906a..37bff64ef26 100644 --- a/2024/52xxx/CVE-2024-52489.json +++ b/2024/52xxx/CVE-2024-52489.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Udi Dollberg", + "product": { + "product_data": [ + { + "product_name": "Add Chat App Button", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.1.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.1.8", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/add-whatsapp-button/vulnerability/wordpress-add-chat-app-button-plugin-2-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/add-whatsapp-button/vulnerability/wordpress-add-chat-app-button-plugin-2-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Add Chat App Button plugin to the latest available version (at least 2.1.8)." + } + ], + "value": "Update the WordPress Add Chat App Button plugin to the latest available version (at least 2.1.8)." + } + ], + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52491.json b/2024/52xxx/CVE-2024-52491.json index aa0dcf80d7b..47ea56e5359 100644 --- a/2024/52xxx/CVE-2024-52491.json +++ b/2024/52xxx/CVE-2024-52491.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanil Shakya Sticky Social Icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through 1.2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sanil Shakya", + "product": { + "product_data": [ + { + "product_name": "Sticky Social Icons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/sticky-social-icons/vulnerability/wordpress-sticky-social-icons-plugin-1-2-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/sticky-social-icons/vulnerability/wordpress-sticky-social-icons-plugin-1-2-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52492.json b/2024/52xxx/CVE-2024-52492.json index 04f2bc7ed8a..5307f6f0738 100644 --- a/2024/52xxx/CVE-2024-52492.json +++ b/2024/52xxx/CVE-2024-52492.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gopi Ramasamy", + "product": { + "product_data": [ + { + "product_name": "Image horizontal reel scroll slideshow", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/image-horizontal-reel-scroll-slideshow/vulnerability/wordpress-image-horizontal-reel-scroll-slideshow-plugin-13-4-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/image-horizontal-reel-scroll-slideshow/vulnerability/wordpress-image-horizontal-reel-scroll-slideshow-plugin-13-4-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52493.json b/2024/52xxx/CVE-2024-52493.json index 83a71bfd693..a99077dbefb 100644 --- a/2024/52xxx/CVE-2024-52493.json +++ b/2024/52xxx/CVE-2024-52493.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Josh Leuze", + "product": { + "product_data": [ + { + "product_name": "Meteor Slides", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.5.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/meteor-slides/vulnerability/wordpress-meteor-slides-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/meteor-slides/vulnerability/wordpress-meteor-slides-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52494.json b/2024/52xxx/CVE-2024-52494.json index 4126469ad67..00b8e8de12d 100644 --- a/2024/52xxx/CVE-2024-52494.json +++ b/2024/52xxx/CVE-2024-52494.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Varone, Tim Berneman Dynamic \"To Top\" allows Stored XSS.This issue affects Dynamic \"To Top\": from 3.5.2 through n/a." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Matt Varone, Tim Berneman", + "product": { + "product_data": [ + { + "product_name": "Dynamic \"To Top\"", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dynamic-to-top/vulnerability/wordpress-dynamic-to-top-plugin-3-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/dynamic-to-top/vulnerability/wordpress-dynamic-to-top-plugin-3-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52502.json b/2024/52xxx/CVE-2024-52502.json index 12ff8b920cb..70ca3b60531 100644 --- a/2024/52xxx/CVE-2024-52502.json +++ b/2024/52xxx/CVE-2024-52502.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imbasynergy ImbaChat allows DOM-Based XSS.This issue affects ImbaChat: from n/a through 3.1.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Imbasynergy", + "product": { + "product_data": [ + { + "product_name": "ImbaChat", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/imbachat-widget/vulnerability/wordpress-imbachat-plugin-3-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/imbachat-widget/vulnerability/wordpress-imbachat-plugin-3-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52503.json b/2024/52xxx/CVE-2024-52503.json index 2f6d4ee6c15..d8852145469 100644 --- a/2024/52xxx/CVE-2024-52503.json +++ b/2024/52xxx/CVE-2024-52503.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tailored Web Services", + "product": { + "product_data": [ + { + "product_name": "Tailored Tools", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/tailored-tools/vulnerability/wordpress-tailored-tools-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/tailored-tools/vulnerability/wordpress-tailored-tools-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "C_T_R_L (Chance) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53105.json b/2024/53xxx/CVE-2024-53105.json index cc0fd87be5f..90b5b1824ef 100644 --- a/2024/53xxx/CVE-2024-53105.json +++ b/2024/53xxx/CVE-2024-53105.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: page_alloc: move mlocked flag clearance into free_pages_prepare()\n\nSyzbot reported a bad page state problem caused by a page being freed\nusing free_page() still having a mlocked flag at free_pages_prepare()\nstage:\n\n BUG: Bad page state in process syz.5.504 pfn:61f45\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45\n flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff)\n raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n page_owner tracks the page as allocated\n page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537\n prep_new_page mm/page_alloc.c:1545 [inline]\n get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457\n __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733\n alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265\n kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99\n kvm_create_vm virt/kvm/kvm_main.c:1235 [inline]\n kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline]\n kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530\n __do_compat_sys_ioctl fs/ioctl.c:1007 [inline]\n __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n page last free pid 8399 tgid 8399 stack trace:\n reset_page_owner include/linux/page_owner.h:25 [inline]\n free_pages_prepare mm/page_alloc.c:1108 [inline]\n free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686\n folios_put_refs+0x76c/0x860 mm/swap.c:1007\n free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335\n __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]\n tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]\n tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]\n tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373\n tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465\n exit_mmap+0x496/0xc40 mm/mmap.c:1926\n __mmput+0x115/0x390 kernel/fork.c:1348\n exit_mm+0x220/0x310 kernel/exit.c:571\n do_exit+0x9b2/0x28e0 kernel/exit.c:926\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n Modules linked in:\n CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Call Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n bad_page+0x176/0x1d0 mm/page_alloc.c:501\n free_page_is_bad mm/page_alloc.c:918 [inline]\n free_pages_prepare mm/page_alloc.c:1100 [inline]\n free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638\n kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline]\n kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386\n kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [in\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "b109b87050df", + "version_value": "7873d11911cd" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.18", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.18", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/7873d11911cd1d21e25c354eb130d8c3b5cb3ca5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7873d11911cd1d21e25c354eb130d8c3b5cb3ca5" + }, + { + "url": "https://git.kernel.org/stable/c/66edc3a5894c74f8887c8af23b97593a0dd0df4d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/66edc3a5894c74f8887c8af23b97593a0dd0df4d" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53106.json b/2024/53xxx/CVE-2024-53106.json index 4b40c7e737c..988e35fb0cd 100644 --- a/2024/53xxx/CVE-2024-53106.json +++ b/2024/53xxx/CVE-2024-53106.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: fix buffer overrun in ima_eventdigest_init_common\n\nFunction ima_eventdigest_init() calls ima_eventdigest_init_common()\nwith HASH_ALGO__LAST which is then used to access the array\nhash_digest_size[] leading to buffer overrun. Have a conditional\nstatement to handle this." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9fab303a2cb3", + "version_value": "e01aae58e818" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e" + }, + { + "url": "https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082" + }, + { + "url": "https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232" + }, + { + "url": "https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53107.json b/2024/53xxx/CVE-2024-53107.json index 5131a2af85f..87f93aeb9b0 100644 --- a/2024/53xxx/CVE-2024-53107.json +++ b/2024/53xxx/CVE-2024-53107.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()\n\nThe \"arg->vec_len\" variable is a u64 that comes from the user at the start\nof the function. The \"arg->vec_len * sizeof(struct page_region))\"\nmultiplication can lead to integer wrapping. Use size_mul() to avoid\nthat.\n\nAlso the size_add/mul() functions work on unsigned long so for 32bit\nsystems we need to ensure that \"arg->vec_len\" fits in an unsigned long." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "52526ca7fdb9", + "version_value": "adee03f8903c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/adee03f8903c58a6a559f21388a430211fac8ce9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/adee03f8903c58a6a559f21388a430211fac8ce9" + }, + { + "url": "https://git.kernel.org/stable/c/669b0cb81e4e4e78cff77a5b367c7f70c0c6c05e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/669b0cb81e4e4e78cff77a5b367c7f70c0c6c05e" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53108.json b/2024/53xxx/CVE-2024-53108.json index a3ae7dd4148..189803716a9 100644 --- a/2024/53xxx/CVE-2024-53108.json +++ b/2024/53xxx/CVE-2024-53108.json @@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust VSDB parser for replay feature\n\nAt some point, the IEEE ID identification for the replay check in the\nAMD EDID was added. However, this check causes the following\nout-of-bounds issues when using KASAN:\n\n[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu]\n[ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383\n\n...\n\n[ 27.821207] Memory state around the buggy address:\n[ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821243] ^\n[ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 27.821268] ==================================================================\n\nThis is caused because the ID extraction happens outside of the range of\nthe edid lenght. This commit addresses this issue by considering the\namd_vsdb_block size.\n\n(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "0a326fbc8f72" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7" + }, + { + "url": "https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217" + }, + { + "url": "https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53109.json b/2024/53xxx/CVE-2024-53109.json index 3383b01cadf..94d9779b2c7 100644 --- a/2024/53xxx/CVE-2024-53109.json +++ b/2024/53xxx/CVE-2024-53109.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnommu: pass NULL argument to vma_iter_prealloc()\n\nWhen deleting a vma entry from a maple tree, it has to pass NULL to\nvma_iter_prealloc() in order to calculate internal state of the tree, but\nit passed a wrong argument. As a result, nommu kernels crashed upon\naccessing a vma iterator, such as acct_collect() reading the size of vma\nentries after do_munmap().\n\nThis commit fixes this issue by passing a right argument to the\npreallocation call." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "b5df09226450", + "version_value": "8bbf0ab631cd" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.6", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.6", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/8bbf0ab631cdf1dade6745f137cff98751e6ced7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8bbf0ab631cdf1dade6745f137cff98751e6ced7" + }, + { + "url": "https://git.kernel.org/stable/c/aceaf33b7666b72dfb86e0aa977be81e3bcbc727", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/aceaf33b7666b72dfb86e0aa977be81e3bcbc727" + }, + { + "url": "https://git.kernel.org/stable/c/247d720b2c5d22f7281437fd6054a138256986ba", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/247d720b2c5d22f7281437fd6054a138256986ba" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53110.json b/2024/53xxx/CVE-2024-53110.json index 1ea460891ff..b5686551a4a 100644 --- a/2024/53xxx/CVE-2024-53110.json +++ b/2024/53xxx/CVE-2024-53110.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix id_table array not null terminated error\n\nAllocate one extra virtio_device_id as null terminator, otherwise\nvdpa_mgmtdev_get_classes() may iterate multiple times and visit\nundefined memory." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "ffbda8e9df10", + "version_value": "870d68fe17b5" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.19", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.19", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/870d68fe17b5d9032049dcad98b5781a344a8657", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/870d68fe17b5d9032049dcad98b5781a344a8657" + }, + { + "url": "https://git.kernel.org/stable/c/c4d64534d4b1c47d2f1ce427497f971ad4735aae", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c4d64534d4b1c47d2f1ce427497f971ad4735aae" + }, + { + "url": "https://git.kernel.org/stable/c/0a886489d274596ad1a80789d3a773503210a615", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0a886489d274596ad1a80789d3a773503210a615" + }, + { + "url": "https://git.kernel.org/stable/c/4e39ecadf1d2a08187139619f1f314b64ba7d947", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4e39ecadf1d2a08187139619f1f314b64ba7d947" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53111.json b/2024/53xxx/CVE-2024-53111.json index d93c4951d2e..1bdad03eeb3 100644 --- a/2024/53xxx/CVE-2024-53111.json +++ b/2024/53xxx/CVE-2024-53111.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53111", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mremap: fix address wraparound in move_page_tables()\n\nOn 32-bit platforms, it is possible for the expression `len + old_addr <\nold_end` to be false-positive if `len + old_addr` wraps around. \n`old_addr` is the cursor in the old range up to which page table entries\nhave been moved; so if the operation succeeded, `old_addr` is the *end* of\nthe old region, and adding `len` to it can wrap.\n\nThe overflow causes mremap() to mistakenly believe that PTEs have been\ncopied; the consequence is that mremap() bails out, but doesn't move the\nPTEs back before the new VMA is unmapped, causing anonymous pages in the\nregion to be lost. So basically if userspace tries to mremap() a\nprivate-anon region and hits this bug, mremap() will return an error and\nthe private-anon region's contents appear to have been zeroed.\n\nThe idea of this check is that `old_end - len` is the original start\naddress, and writing the check that way also makes it easier to read; so\nfix the check by rearranging the comparison accordingly.\n\n(An alternate fix would be to refactor this function by introducing an\n\"orig_old_start\" variable or such.)\n\n\nTested in a VM with a 32-bit X86 kernel; without the patch:\n\n```\nuser@horn:~/big_mremap$ cat test.c\n#define _GNU_SOURCE\n#include \n#include \n#include \n#include \n\n#define ADDR1 ((void*)0x60000000)\n#define ADDR2 ((void*)0x10000000)\n#define SIZE 0x50000000uL\n\nint main(void) {\n unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE,\n MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0);\n if (p1 == MAP_FAILED)\n err(1, \"mmap 1\");\n unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE,\n MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0);\n if (p2 == MAP_FAILED)\n err(1, \"mmap 2\");\n *p1 = 0x41;\n printf(\"first char is 0x%02hhx\\n\", *p1);\n unsigned char *p3 = mremap(p1, SIZE, SIZE,\n MREMAP_MAYMOVE|MREMAP_FIXED, p2);\n if (p3 == MAP_FAILED) {\n printf(\"mremap() failed; first char is 0x%02hhx\\n\", *p1);\n } else {\n printf(\"mremap() succeeded; first char is 0x%02hhx\\n\", *p3);\n }\n}\nuser@horn:~/big_mremap$ gcc -static -o test test.c\nuser@horn:~/big_mremap$ setarch -R ./test\nfirst char is 0x41\nmremap() failed; first char is 0x00\n```\n\nWith the patch:\n\n```\nuser@horn:~/big_mremap$ setarch -R ./test\nfirst char is 0x41\nmremap() succeeded; first char is 0x41\n```" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "af8ca1c14906", + "version_value": "909543dc279a" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/909543dc279a91122fb08e4653a72b82f0ad28f4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/909543dc279a91122fb08e4653a72b82f0ad28f4" + }, + { + "url": "https://git.kernel.org/stable/c/a4a282daf1a190f03790bf163458ea3c8d28d217", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a4a282daf1a190f03790bf163458ea3c8d28d217" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53112.json b/2024/53xxx/CVE-2024-53112.json index e2254aabaf3..96fd67490a7 100644 --- a/2024/53xxx/CVE-2024-53112.json +++ b/2024/53xxx/CVE-2024-53112.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \n\nWhen 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular\ninode in 'ocfs2_verify_group_and_input()', corresponding buffer head\nremains cached and subsequent call to the same 'ioctl()' for the same\ninode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with 'ocfs2_remove_from_cache()' on error path in\n'ocfs2_group_add()'." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7909f2bf8353", + "version_value": "620d22598110" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.25", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.25", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73" + }, + { + "url": "https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8" + }, + { + "url": "https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12" + }, + { + "url": "https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53113.json b/2024/53xxx/CVE-2024-53113.json index 4384ab1700a..c025475a48e 100644 --- a/2024/53xxx/CVE-2024-53113.json +++ b/2024/53xxx/CVE-2024-53113.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref->zone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be\n¤t->mems_allowed. when first_zones_zonelist() is called to find\npreferred_zoneref, the ac->nodemask may be modified concurrently if the\ntask is migrated between different cpusets. Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac->zonelist, the nodemask is 2, and when\ntraversing Node2 in ac->zonelist, the nodemask is 1. As a result, the\nac->preferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref->zone." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "387ba26fb1cb", + "version_value": "6addb2d9501e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.13", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2" + }, + { + "url": "https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58" + }, + { + "url": "https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19" + }, + { + "url": "https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53114.json b/2024/53xxx/CVE-2024-53114.json index bab2328a41e..c2f9da66dbf 100644 --- a/2024/53xxx/CVE-2024-53114.json +++ b/2024/53xxx/CVE-2024-53114.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren't intended to be advertised on Zen4 client\nso clear the capability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "00c713f84f47" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/00c713f84f477a85e524f34aad8fbd11a1c051f0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/00c713f84f477a85e524f34aad8fbd11a1c051f0" + }, + { + "url": "https://git.kernel.org/stable/c/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53115.json b/2024/53xxx/CVE-2024-53115.json index 351b5417925..3a1022c12a5 100644 --- a/2024/53xxx/CVE-2024-53115.json +++ b/2024/53xxx/CVE-2024-53115.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle\n\nThe 'vmw_user_object_buffer' function may return NULL with incorrect\ninputs. To avoid possible null pointer dereference, add a check whether\nthe 'bo' is NULL in the vmw_framebuffer_surface_create_handle." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d6667f0ddf46", + "version_value": "36f64da08055" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.11", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.11", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/36f64da080555175b58d85f99f5f90435e274e56", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/36f64da080555175b58d85f99f5f90435e274e56" + }, + { + "url": "https://git.kernel.org/stable/c/93d1f41a82de382845af460bf03bcb17dcbf08c5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/93d1f41a82de382845af460bf03bcb17dcbf08c5" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53116.json b/2024/53xxx/CVE-2024-53116.json index addd2edbd4d..c9170d3275c 100644 --- a/2024/53xxx/CVE-2024-53116.json +++ b/2024/53xxx/CVE-2024-53116.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix handling of partial GPU mapping of BOs\n\nThis commit fixes the bug in the handling of partial mapping of the\nbuffer objects to the GPU, which caused kernel warnings.\n\nPanthor didn't correctly handle the case where the partial mapping\nspanned multiple scatterlists and the mapping offset didn't point\nto the 1st page of starting scatterlist. The offset variable was\nnot cleared after reaching the starting scatterlist.\n\nFollowing warning messages were seen.\nWARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+0x254/0x5a0\n\npc : __arm_lpae_unmap+0x254/0x5a0\nlr : __arm_lpae_unmap+0x2cc/0x5a0\n\nCall trace:\n __arm_lpae_unmap+0x254/0x5a0\n __arm_lpae_unmap+0x108/0x5a0\n __arm_lpae_unmap+0x108/0x5a0\n __arm_lpae_unmap+0x108/0x5a0\n arm_lpae_unmap_pages+0x80/0xa0\n panthor_vm_unmap_pages+0xac/0x1c8 [panthor]\n panthor_gpuva_sm_step_unmap+0x4c/0xc8 [panthor]\n op_unmap_cb.isra.23.constprop.30+0x54/0x80\n __drm_gpuvm_sm_unmap+0x184/0x1c8\n drm_gpuvm_sm_unmap+0x40/0x60\n panthor_vm_exec_op+0xa8/0x120 [panthor]\n panthor_vm_bind_exec_sync_op+0xc4/0xe8 [panthor]\n panthor_ioctl_vm_bind+0x10c/0x170 [panthor]\n drm_ioctl_kernel+0xbc/0x138\n drm_ioctl+0x210/0x4b0\n __arm64_sys_ioctl+0xb0/0xf8\n invoke_syscall+0x4c/0x110\n el0_svc_common.constprop.1+0x98/0xf8\n do_el0_svc+0x24/0x38\n el0_svc+0x34/0xc8\n el0t_64_sync_handler+0xa0/0xc8\n el0t_64_sync+0x174/0x178\n\npanthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount)\nWARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+0x124/0x1c8 [panthor]\n\npc : panthor_vm_unmap_pages+0x124/0x1c8 [panthor]\nlr : panthor_vm_unmap_pages+0x124/0x1c8 [panthor]\n\npanthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000)" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "647810ec2476", + "version_value": "d3e61af64b77" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.10", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/d3e61af64b770e0038470c81f42bd1d0598f6bcc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d3e61af64b770e0038470c81f42bd1d0598f6bcc" + }, + { + "url": "https://git.kernel.org/stable/c/3387e043918e154ca08d83954966a8b087fe2835", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3387e043918e154ca08d83954966a8b087fe2835" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53117.json b/2024/53xxx/CVE-2024-53117.json index 8337a7dd0c3..b6e6bc48b15 100644 --- a/2024/53xxx/CVE-2024-53117.json +++ b/2024/53xxx/CVE-2024-53117.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Improve MSG_ZEROCOPY error handling\n\nAdd a missing kfree_skb() to prevent memory leaks." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "581512a6dc93", + "version_value": "50061d7319e2" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/50061d7319e21165d04e3024354c1b43b6137821", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/50061d7319e21165d04e3024354c1b43b6137821" + }, + { + "url": "https://git.kernel.org/stable/c/60cf6206a1f513512f5d73fa4d3dbbcad2e7dcd6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/60cf6206a1f513512f5d73fa4d3dbbcad2e7dcd6" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53118.json b/2024/53xxx/CVE-2024-53118.json index 9f5886574e2..7367200109c 100644 --- a/2024/53xxx/CVE-2024-53118.json +++ b/2024/53xxx/CVE-2024-53118.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix sk_error_queue memory leak\n\nKernel queues MSG_ZEROCOPY completion notifications on the error queue.\nWhere they remain, until explicitly recv()ed. To prevent memory leaks,\nclean up the queue when the socket is destroyed.\n\nunreferenced object 0xffff8881028beb00 (size 224):\n comm \"vsock_test\", pid 1218, jiffies 4294694897\n hex dump (first 32 bytes):\n 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!.....\n 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!.....\n backtrace (crc 6c7031ca):\n [] kmem_cache_alloc_node_noprof+0x2f7/0x370\n [] __alloc_skb+0x132/0x180\n [] sock_omalloc+0x4b/0x80\n [] msg_zerocopy_realloc+0x9e/0x240\n [] virtio_transport_send_pkt_info+0x412/0x4c0\n [] virtio_transport_stream_enqueue+0x43/0x50\n [] vsock_connectible_sendmsg+0x373/0x450\n [] ____sys_sendmsg+0x365/0x3a0\n [] ___sys_sendmsg+0x84/0xd0\n [] __sys_sendmsg+0x47/0x80\n [] do_syscall_64+0x93/0x180\n [] entry_SYSCALL_64_after_hwframe+0x76/0x7e" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "581512a6dc93", + "version_value": "bea4779a45f4" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bea4779a45f49275b1e1b1bd9de03cd3727244d8" + }, + { + "url": "https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53119.json b/2024/53xxx/CVE-2024-53119.json index 50ccab83b66..f8bae1daaf1 100644 --- a/2024/53xxx/CVE-2024-53119.json +++ b/2024/53xxx/CVE-2024-53119.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n __vsock_release\n lock\n virtio_transport_release\n virtio_transport_close\n schedule_delayed_work(close_work)\n sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n release\n virtio_transport_recv_pkt\n vsock_find_bound_socket\n lock\n if flag(SOCK_DONE) return\n virtio_transport_recv_listen\n child = vsock_create_connected\n (!) vsock_enqueue_accept(child)\n release\nclose_work\n lock\n virtio_transport_do_close\n set_flag(SOCK_DONE)\n virtio_transport_remove_sock\n vsock_remove_sock\n vsock_remove_bound\n release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n comm \"kworker/5:2\", pid 371, jiffies 4294940105\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............\n backtrace (crc 9e5f4e84):\n [] kmem_cache_alloc_noprof+0x2c1/0x360\n [] sk_prot_alloc+0x30/0x120\n [] sk_alloc+0x2c/0x4b0\n [] __vsock_create.constprop.0+0x2a/0x310\n [] virtio_transport_recv_pkt+0x4dc/0x9a0\n [] vsock_loopback_work+0xfd/0x140\n [] process_one_work+0x20c/0x570\n [] worker_thread+0x1bf/0x3a0\n [] kthread+0xdd/0x110\n [] ret_from_fork+0x2d/0x50\n [] ret_from_fork_asm+0x1a/0x30" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3fe356d58efa", + "version_value": "946c7600fa22" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.10", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/946c7600fa2207cc8d3fbc86a518ec56f98a5813" + }, + { + "url": "https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/897617a413e0bf1c6380e3b34b2f28f450508549" + }, + { + "url": "https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2415345042245de7601dcc6eafdbe3a3dcc9e379" + }, + { + "url": "https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d7b0ff5a866724c3ad21f2628c22a63336deec3f" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53120.json b/2024/53xxx/CVE-2024-53120.json index 176fdcffdac..32ef980f80a 100644 --- a/2024/53xxx/CVE-2024-53120.json +++ b/2024/53xxx/CVE-2024-53120.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule->attr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n\u2026\n Call Trace:\n \n ? __die+0x20/0x70\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x140\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n ? finish_task_switch.isra.0+0x15b/0x2b0\n process_one_work+0x16c/0x320\n worker_thread+0x28c/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xb8/0xf0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n " } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7fac5c2eced3", + "version_value": "0c7c70ff8b69" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.14", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0c7c70ff8b696cfedba350411dca736361ef9a0f" + }, + { + "url": "https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/06dc488a593020bd2f006798557d2a32104d8359" + }, + { + "url": "https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6030f8bd7902e9e276a0edc09bf11979e4e2bc2e" + }, + { + "url": "https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e99c6873229fe0482e7ceb7d5600e32d623ed9d9" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53121.json b/2024/53xxx/CVE-2024-53121.json index 66f5b22aa31..b083e1d7644 100644 --- a/2024/53xxx/CVE-2024-53121.json +++ b/2024/53xxx/CVE-2024-53121.json @@ -1,18 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, lock FTE when checking if active\n\nThe referenced commits introduced a two-step process for deleting FTEs:\n\n- Lock the FTE, delete it from hardware, set the hardware deletion function\n to NULL and unlock the FTE.\n- Lock the parent flow group, delete the software copy of the FTE, and\n remove it from the xarray.\n\nHowever, this approach encounters a race condition if a rule with the same\nmatch value is added simultaneously. In this scenario, fs_core may set the\nhardware deletion function to NULL prematurely, causing a panic during\nsubsequent rule deletions.\n\nTo prevent this, ensure the active flag of the FTE is checked under a lock,\nwhich will prevent the fs_core layer from attaching a new steering rule to\nan FTE that is in the process of deletion.\n\n[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func\n[ 438.968205] ------------[ cut here ]------------\n[ 438.968654] refcount_t: decrement hit 0; leaking memory.\n[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110\n[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]\n[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8\n[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110\n[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90\n[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286\n[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000\n[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0\n[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0\n[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0\n[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0\n[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0\n[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 438.986507] Call Trace:\n[ 438.986799] \n[ 438.987070] ? __warn+0x7d/0x110\n[ 438.987426] ? refcount_warn_saturate+0xfb/0x110\n[ 438.987877] ? report_bug+0x17d/0x190\n[ 438.988261] ? prb_read_valid+0x17/0x20\n[ 438.988659] ? handle_bug+0x53/0x90\n[ 438.989054] ? exc_invalid_op+0x14/0x70\n[ 438.989458] ? asm_exc_invalid_op+0x16/0x20\n[ 438.989883] ? refcount_warn_saturate+0xfb/0x110\n[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]\n[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]\n[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]\n[ 438.992054] ? xas_load+0x9/0xb0\n[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]\n[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]\n[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]\n[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]\n[ 438.994728] tc_setup_cb_destroy+0xb9/0x190\n[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]\n[ 438.996105] tc_new_tfilter+0x347/0xbc0\n[ 438.996503] ? __\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "718ce4d601db", + "version_value": "bfba288f5319" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.1", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.119", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.63", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.10", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/bfba288f53192db08c68d4c568db9783fb9cb838", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bfba288f53192db08c68d4c568db9783fb9cb838" + }, + { + "url": "https://git.kernel.org/stable/c/094d1a2121cee1e85ab07d74388f94809dcfb5b9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/094d1a2121cee1e85ab07d74388f94809dcfb5b9" + }, + { + "url": "https://git.kernel.org/stable/c/933ef0d17f012b653e9e6006e3f50c8d0238b5ed", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/933ef0d17f012b653e9e6006e3f50c8d0238b5ed" + }, + { + "url": "https://git.kernel.org/stable/c/9ca314419930f9135727e39d77e66262d5f7bef6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9ca314419930f9135727e39d77e66262d5f7bef6" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53707.json b/2024/53xxx/CVE-2024-53707.json index 3a5ac7f6e95..01e28d11328 100644 --- a/2024/53xxx/CVE-2024-53707.json +++ b/2024/53xxx/CVE-2024-53707.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ahmet \u0130mamo\u011flu Ahmeti Wp G\u00fczel S\u00f6zler allows Cross Site Request Forgery.This issue affects Ahmeti Wp G\u00fczel S\u00f6zler: from n/a through 4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ahmet \u0130mamo\u011flu", + "product": { + "product_data": [ + { + "product_name": "Ahmeti Wp G\u00fczel S\u00f6zler", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ahmeti-wp-guzel-sozler/vulnerability/wordpress-ahmeti-wp-guezel-soezler-plugin-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/ahmeti-wp-guzel-sozler/vulnerability/wordpress-ahmeti-wp-guezel-soezler-plugin-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53708.json b/2024/53xxx/CVE-2024-53708.json index e7384cf02c6..464d9e80b42 100644 --- a/2024/53xxx/CVE-2024-53708.json +++ b/2024/53xxx/CVE-2024-53708.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AutoQuiz", + "product": { + "product_data": [ + { + "product_name": "AI Quiz", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/ai-quiz/vulnerability/wordpress-ai-quiz-plugin-1-1-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/ai-quiz/vulnerability/wordpress-ai-quiz-plugin-1-1-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53709.json b/2024/53xxx/CVE-2024-53709.json index 67fa42ede56..31faaac759a 100644 --- a/2024/53xxx/CVE-2024-53709.json +++ b/2024/53xxx/CVE-2024-53709.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bdevs", + "product": { + "product_data": [ + { + "product_name": "Generic Elements", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/generic-elements-for-elementor/vulnerability/wordpress-generic-elements-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/generic-elements-for-elementor/vulnerability/wordpress-generic-elements-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gab (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53710.json b/2024/53xxx/CVE-2024-53710.json index b07d1722725..99d7f4684b4 100644 --- a/2024/53xxx/CVE-2024-53710.json +++ b/2024/53xxx/CVE-2024-53710.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS.This issue affects ITERAS: from n/a through 1.7.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ITERAS", + "product": { + "product_data": [ + { + "product_name": "ITERAS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/iteras/vulnerability/wordpress-iteras-plugin-1-7-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/iteras/vulnerability/wordpress-iteras-plugin-1-7-0-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53711.json b/2024/53xxx/CVE-2024-53711.json index 09059dfd688..757de4d3a0d 100644 --- a/2024/53xxx/CVE-2024-53711.json +++ b/2024/53xxx/CVE-2024-53711.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jean-Marc BIANCA", + "product": { + "product_data": [ + { + "product_name": "Hotlink2Watermark", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hotlink2watermark/vulnerability/wordpress-hotlink2watermark-plugin-0-3-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/hotlink2watermark/vulnerability/wordpress-hotlink2watermark-plugin-0-3-2-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53712.json b/2024/53xxx/CVE-2024-53712.json index 90ca95a9501..b2ad2bc0e8d 100644 --- a/2024/53xxx/CVE-2024-53712.json +++ b/2024/53xxx/CVE-2024-53712.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS.This issue affects Kevin's: from n/a through 2.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kevin McCabe", + "product": { + "product_data": [ + { + "product_name": "Kevin's", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/kevins-plugin/vulnerability/wordpress-kevin-s-plugin-2-0-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/kevins-plugin/vulnerability/wordpress-kevin-s-plugin-2-0-0-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53713.json b/2024/53xxx/CVE-2024-53713.json index 5132a2556a8..0fe410200a9 100644 --- a/2024/53xxx/CVE-2024-53713.json +++ b/2024/53xxx/CVE-2024-53713.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net Silverlight Video Player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through 1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net", + "product": { + "product_data": [ + { + "product_name": "Silverlight Video Player", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smooth-streaming-player/vulnerability/wordpress-silverlight-video-player-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/smooth-streaming-player/vulnerability/wordpress-silverlight-video-player-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53714.json b/2024/53xxx/CVE-2024-53714.json index 912023fb837..7ced2d1be1e 100644 --- a/2024/53xxx/CVE-2024-53714.json +++ b/2024/53xxx/CVE-2024-53714.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Continue Shopping From Cart allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through 1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arrow Design", + "product": { + "product_data": [ + { + "product_name": "Continue Shopping From Cart", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/continue-shopping-from-cart-page/vulnerability/wordpress-continue-shopping-from-cart-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/continue-shopping-from-cart-page/vulnerability/wordpress-continue-shopping-from-cart-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53715.json b/2024/53xxx/CVE-2024-53715.json index 778120e09be..a9b6748e591 100644 --- a/2024/53xxx/CVE-2024-53715.json +++ b/2024/53xxx/CVE-2024-53715.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS.This issue affects Simple Travel Map: from n/a through 0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Thomas Hoefter", + "product": { + "product_data": [ + { + "product_name": "Simple Travel Map", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-travel-map/vulnerability/wordpress-simple-travel-map-plugin-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/simple-travel-map/vulnerability/wordpress-simple-travel-map-plugin-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53716.json b/2024/53xxx/CVE-2024-53716.json index 0f2bcffa64d..0ff213210e4 100644 --- a/2024/53xxx/CVE-2024-53716.json +++ b/2024/53xxx/CVE-2024-53716.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS.This issue affects wp auto top: from n/a through 2.9.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "overtrue", + "product": { + "product_data": [ + { + "product_name": "wp auto top", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.9.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-auto-top/vulnerability/wordpress-wp-auto-top-plugin-2-9-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wp-auto-top/vulnerability/wordpress-wp-auto-top-plugin-2-9-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53717.json b/2024/53xxx/CVE-2024-53717.json index 32fb8f8c2bd..c6bbe449a65 100644 --- a/2024/53xxx/CVE-2024-53717.json +++ b/2024/53xxx/CVE-2024-53717.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yonatan Reinberg", + "product": { + "product_data": [ + { + "product_name": "yPHPlista", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/yphplista/vulnerability/wordpress-yphplista-plugin-1-1-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/yphplista/vulnerability/wordpress-yphplista-plugin-1-1-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53718.json b/2024/53xxx/CVE-2024-53718.json index 241ad82fcae..88e6f251730 100644 --- a/2024/53xxx/CVE-2024-53718.json +++ b/2024/53xxx/CVE-2024-53718.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eric Teubert", + "product": { + "product_data": [ + { + "product_name": "Multi Feed Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/multi-feed-reader/vulnerability/wordpress-multi-feed-reader-plugin-2-2-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/multi-feed-reader/vulnerability/wordpress-multi-feed-reader-plugin-2-2-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53719.json b/2024/53xxx/CVE-2024-53719.json index 0e678e39034..a95fcc1e39b 100644 --- a/2024/53xxx/CVE-2024-53719.json +++ b/2024/53xxx/CVE-2024-53719.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax \u2013 Ajax Navigation allows Stored XSS.This issue affects Zajax \u2013 Ajax Navigation: from n/a through 0.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "onigetoc", + "product": { + "product_data": [ + { + "product_name": "Zajax \u2013 Ajax Navigation", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/zajax-ajax-navigation/vulnerability/wordpress-zajax-ajax-navigation-plugin-0-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/zajax-ajax-navigation/vulnerability/wordpress-zajax-ajax-navigation-plugin-0-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53720.json b/2024/53xxx/CVE-2024-53720.json index f3eae8895f1..1ba5069d537 100644 --- a/2024/53xxx/CVE-2024-53720.json +++ b/2024/53xxx/CVE-2024-53720.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ole1986 , MachineITSvcs WP-ISPConfig 3 allows Stored XSS.This issue affects WP-ISPConfig 3: from n/a through 1.5.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ole1986 , MachineITSvcs", + "product": { + "product_data": [ + { + "product_name": "WP-ISPConfig 3", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.5.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-ispconfig3/vulnerability/wordpress-wp-ispconfig-3-plugin-1-5-6-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wp-ispconfig3/vulnerability/wordpress-wp-ispconfig-3-plugin-1-5-6-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53721.json b/2024/53xxx/CVE-2024-53721.json index e9e1113091e..5ca71bf9ce5 100644 --- a/2024/53xxx/CVE-2024-53721.json +++ b/2024/53xxx/CVE-2024-53721.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Stachethemes", + "product": { + "product_data": [ + { + "product_name": "Advanced Event Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-event-manager/vulnerability/wordpress-advanced-event-manager-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/advanced-event-manager/vulnerability/wordpress-advanced-event-manager-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53722.json b/2024/53xxx/CVE-2024-53722.json index 436a34392cc..b71381a21ae 100644 --- a/2024/53xxx/CVE-2024-53722.json +++ b/2024/53xxx/CVE-2024-53722.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through 1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockemmusic", + "product": { + "product_data": [ + { + "product_name": "Favicon My Blog", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/favicon-my-blog/vulnerability/wordpress-favicon-my-blog-plugin-1-0-2-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/favicon-my-blog/vulnerability/wordpress-favicon-my-blog-plugin-1-0-2-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53723.json b/2024/53xxx/CVE-2024-53723.json index 3109cc3185b..e8fa656adaf 100644 --- a/2024/53xxx/CVE-2024-53723.json +++ b/2024/53xxx/CVE-2024-53723.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "A.Cihangir BALTACI", + "product": { + "product_data": [ + { + "product_name": "Google Plus Share and +1 Button", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/google-plus-share-and-plusone-button/vulnerability/wordpress-google-plus-share-and-1-button-plugin-1-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/google-plus-share-and-plusone-button/vulnerability/wordpress-google-plus-share-and-1-button-plugin-1-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53724.json b/2024/53xxx/CVE-2024-53724.json index 462ff976f19..ea3c9139cac 100644 --- a/2024/53xxx/CVE-2024-53724.json +++ b/2024/53xxx/CVE-2024-53724.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceStats allows Stored XSS.This issue affects IceStats: from n/a through 1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ronny L. Bull", + "product": { + "product_data": [ + { + "product_name": "IceStats", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/icestats/vulnerability/wordpress-icestats-plugin-1-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/icestats/vulnerability/wordpress-icestats-plugin-1-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53725.json b/2024/53xxx/CVE-2024-53725.json index c68966b509d..8c958d8d9de 100644 --- a/2024/53xxx/CVE-2024-53725.json +++ b/2024/53xxx/CVE-2024-53725.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Script-Recipes", + "product": { + "product_data": [ + { + "product_name": "Post Hits Counter", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.8.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hits-counter/vulnerability/wordpress-post-hits-counter-plugin-2-8-23-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/hits-counter/vulnerability/wordpress-post-hits-counter-plugin-2-8-23-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53726.json b/2024/53xxx/CVE-2024-53726.json index e1ec49a7864..2f24dc20592 100644 --- a/2024/53xxx/CVE-2024-53726.json +++ b/2024/53xxx/CVE-2024-53726.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy RealtyCandy IDX Broker Extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through 1.5.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Realty Candy", + "product": { + "product_data": [ + { + "product_name": "RealtyCandy IDX Broker Extended", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/realtycandy-idx-broker-extended/vulnerability/wordpress-realtycandy-idx-broker-extended-plugin-1-5-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/realtycandy-idx-broker-extended/vulnerability/wordpress-realtycandy-idx-broker-extended-plugin-1-5-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53727.json b/2024/53xxx/CVE-2024-53727.json index f89dfba28f6..39784d887fd 100644 --- a/2024/53xxx/CVE-2024-53727.json +++ b/2024/53xxx/CVE-2024-53727.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com LinkLaunder SEO allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through 0.92.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LinkLaunder.com", + "product": { + "product_data": [ + { + "product_name": "LinkLaunder SEO", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.92.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/linklaunder-seo-plugin/vulnerability/wordpress-linklaunder-seo-plugin-0-92-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/linklaunder-seo-plugin/vulnerability/wordpress-linklaunder-seo-plugin-0-92-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53728.json b/2024/53xxx/CVE-2024-53728.json index bae67fba561..2e4cdad214f 100644 --- a/2024/53xxx/CVE-2024-53728.json +++ b/2024/53xxx/CVE-2024-53728.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO-K\u00fcche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SEO-K\u00fcche Internet Marketing GmbH & Co. KG", + "product": { + "product_data": [ + { + "product_name": "Protect Your Content", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/protect-your-content/vulnerability/wordpress-protect-your-content-plugin-1-0-2-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/protect-your-content/vulnerability/wordpress-protect-your-content-plugin-1-0-2-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53729.json b/2024/53xxx/CVE-2024-53729.json index acb9e745b36..0a35773b589 100644 --- a/2024/53xxx/CVE-2024-53729.json +++ b/2024/53xxx/CVE-2024-53729.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Plumeria Web Design", + "product": { + "product_data": [ + { + "product_name": "Blizzard Quotes", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/blizzard-quotes/vulnerability/wordpress-blizzard-quotes-plugin-1-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/blizzard-quotes/vulnerability/wordpress-blizzard-quotes-plugin-1-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53741.json b/2024/53xxx/CVE-2024-53741.json index 28b95c0cbfe..27465f88508 100644 --- a/2024/53xxx/CVE-2024-53741.json +++ b/2024/53xxx/CVE-2024-53741.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Garrett Grimm", + "product": { + "product_data": [ + { + "product_name": "Simple Popup", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-popup-plugin/vulnerability/wordpress-simple-popup-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/simple-popup-plugin/vulnerability/wordpress-simple-popup-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "theviper17 (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53751.json b/2024/53xxx/CVE-2024-53751.json index cd8df03ecb7..16325e896c9 100644 --- a/2024/53xxx/CVE-2024-53751.json +++ b/2024/53xxx/CVE-2024-53751.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Abdul Hakeem", + "product": { + "product_data": [ + { + "product_name": "Build App Online", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.22" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Muhamad Agil Fachrian (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53753.json b/2024/53xxx/CVE-2024-53753.json index 70e45e69c95..45b1422c95e 100644 --- a/2024/53xxx/CVE-2024-53753.json +++ b/2024/53xxx/CVE-2024-53753.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from n/a through 2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CultBooking", + "product": { + "product_data": [ + { + "product_name": "CultBooking Hotel Booking Engine", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cultbooking-booking-engine/vulnerability/wordpress-cultbooking-hotel-booking-engine-plugin-2-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/cultbooking-booking-engine/vulnerability/wordpress-cultbooking-hotel-booking-engine-plugin-2-1-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53754.json b/2024/53xxx/CVE-2024-53754.json index 8211f29b449..a6603105400 100644 --- a/2024/53xxx/CVE-2024-53754.json +++ b/2024/53xxx/CVE-2024-53754.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of Stock Badge allows Cross Site Request Forgery.This issue affects Out Of Stock Badge: from n/a through 1.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arrow Design", + "product": { + "product_data": [ + { + "product_name": "Out Of Stock Badge", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/out-of-stock-badge/vulnerability/wordpress-out-of-stock-badge-plugin-1-3-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/out-of-stock-badge/vulnerability/wordpress-out-of-stock-badge-plugin-1-3-1-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53755.json b/2024/53xxx/CVE-2024-53755.json index 19611b3e0c4..dd5b91c8d95 100644 --- a/2024/53xxx/CVE-2024-53755.json +++ b/2024/53xxx/CVE-2024-53755.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Andrea Pernici", + "product": { + "product_data": [ + { + "product_name": "Third Party Cookie Eraser", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/third-party-cookie-eraser/vulnerability/wordpress-third-party-cookie-eraser-plugin-1-0-2-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/third-party-cookie-eraser/vulnerability/wordpress-third-party-cookie-eraser-plugin-1-0-2-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53759.json b/2024/53xxx/CVE-2024-53759.json index 26713bef2b5..bef1e73d2fc 100644 --- a/2024/53xxx/CVE-2024-53759.json +++ b/2024/53xxx/CVE-2024-53759.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Planet Studio team ArCa Payment Gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through 1.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Planet Studio team", + "product": { + "product_data": [ + { + "product_name": "ArCa Payment Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/arca-payment-gateway/vulnerability/wordpress-arca-payment-gateway-plugin-1-3-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/arca-payment-gateway/vulnerability/wordpress-arca-payment-gateway-plugin-1-3-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53761.json b/2024/53xxx/CVE-2024-53761.json index 2233655ad86..b7870a28415 100644 --- a/2024/53xxx/CVE-2024-53761.json +++ b/2024/53xxx/CVE-2024-53761.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "P. Roy", + "product": { + "product_data": [ + { + "product_name": "WP Revisions Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-revisions-manager/vulnerability/wordpress-wp-revisions-manager-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wp-revisions-manager/vulnerability/wordpress-wp-revisions-manager-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Marek Mikita (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53762.json b/2024/53xxx/CVE-2024-53762.json index b6da971ccfe..c3d02cb74bc 100644 --- a/2024/53xxx/CVE-2024-53762.json +++ b/2024/53xxx/CVE-2024-53762.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook \u2013 Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook \u2013 Responsive Appointment Booking and Scheduling System: from n/a through 1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Faster Themes", + "product": { + "product_data": [ + { + "product_name": "FastBook \u2013 Responsive Appointment Booking and Scheduling System", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fastbook-responsive-appointment-booking-and-scheduling-system/vulnerability/wordpress-fastbook-plugin-1-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/fastbook-responsive-appointment-booking-and-scheduling-system/vulnerability/wordpress-fastbook-plugin-1-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53765.json b/2024/53xxx/CVE-2024-53765.json index 9e29be87090..615ca350534 100644 --- a/2024/53xxx/CVE-2024-53765.json +++ b/2024/53xxx/CVE-2024-53765.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read allows Stored XSS.This issue affects Mins To Read: from n/a through 1.2.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Think201", + "product": { + "product_data": [ + { + "product_name": "Mins To Read", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mins-to-read/vulnerability/wordpress-mins-to-read-plugin-1-2-2-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/mins-to-read/vulnerability/wordpress-mins-to-read-plugin-1-2-2-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53769.json b/2024/53xxx/CVE-2024-53769.json index 63ce455a561..6ccca4ab4af 100644 --- a/2024/53xxx/CVE-2024-53769.json +++ b/2024/53xxx/CVE-2024-53769.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Custom Post Type to Map Store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through 1.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ludovic RIAUDEL", + "product": { + "product_data": [ + { + "product_name": "Custom Post Type to Map Store", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/cpt-to-map-store/vulnerability/wordpress-custom-post-type-to-map-store-plugin-1-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/cpt-to-map-store/vulnerability/wordpress-custom-post-type-to-map-store-plugin-1-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53770.json b/2024/53xxx/CVE-2024-53770.json index 3a994a61b93..e72cb3c3b50 100644 --- a/2024/53xxx/CVE-2024-53770.json +++ b/2024/53xxx/CVE-2024-53770.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS.This issue affects RingCentral Communications: from n/a through 1.6.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Peter MacIntyre", + "product": { + "product_data": [ + { + "product_name": "RingCentral Communications", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rccp-free/vulnerability/wordpress-ringcentral-communications-plugin-1-6-1-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/rccp-free/vulnerability/wordpress-ringcentral-communications-plugin-1-6-1-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53775.json b/2024/53xxx/CVE-2024-53775.json index 50ed71b3428..a7a154f0db4 100644 --- a/2024/53xxx/CVE-2024-53775.json +++ b/2024/53xxx/CVE-2024-53775.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through 3.1.11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TannerRitchie Web Applications/DancePress", + "product": { + "product_data": [ + { + "product_name": "DancePress (TRWA)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.1.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dancepress-trwa/vulnerability/wordpress-dancepress-trwa-plugin-3-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/dancepress-trwa/vulnerability/wordpress-dancepress-trwa-plugin-3-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53776.json b/2024/53xxx/CVE-2024-53776.json index 3a36d8d14c4..d488470dc64 100644 --- a/2024/53xxx/CVE-2024-53776.json +++ b/2024/53xxx/CVE-2024-53776.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53776", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donate Me allows Stored XSS.This issue affects Donate Me: from n/a through 1.2.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Raphael Heide", + "product": { + "product_data": [ + { + "product_name": "Donate Me", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/donate-me/vulnerability/wordpress-donate-me-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/donate-me/vulnerability/wordpress-donate-me-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53777.json b/2024/53xxx/CVE-2024-53777.json index de2bc8566df..5f1dc236c36 100644 --- a/2024/53xxx/CVE-2024-53777.json +++ b/2024/53xxx/CVE-2024-53777.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53777", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alberto Reineri", + "product": { + "product_data": [ + { + "product_name": "Simple Header and Footer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/simple-header-and-footer/vulnerability/wordpress-simple-header-and-footer-plugin-1-0-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/simple-header-and-footer/vulnerability/wordpress-simple-header-and-footer-plugin-1-0-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53779.json b/2024/53xxx/CVE-2024-53779.json index efba61beff5..a1305351a0f 100644 --- a/2024/53xxx/CVE-2024-53779.json +++ b/2024/53xxx/CVE-2024-53779.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through 2.0.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Max Engel", + "product": { + "product_data": [ + { + "product_name": "Yahoo! WebPlayer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/yahoo-media-player/vulnerability/wordpress-yahoo-webplayer-plugin-2-0-6-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/yahoo-media-player/vulnerability/wordpress-yahoo-webplayer-plugin-2-0-6-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53780.json b/2024/53xxx/CVE-2024-53780.json index 42a61308847..e3e04acbb54 100644 --- a/2024/53xxx/CVE-2024-53780.json +++ b/2024/53xxx/CVE-2024-53780.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS.This issue affects Load More Posts: from n/a through 1.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rajeev Chauhan", + "product": { + "product_data": [ + { + "product_name": "Load More Posts", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/load-more-posts/vulnerability/wordpress-load-more-posts-plugin-1-4-0-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/load-more-posts/vulnerability/wordpress-load-more-posts-plugin-1-4-0-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53781.json b/2024/53xxx/CVE-2024-53781.json index e4384ccd7bd..e4a71319b2d 100644 --- a/2024/53xxx/CVE-2024-53781.json +++ b/2024/53xxx/CVE-2024-53781.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Home Junction", + "product": { + "product_data": [ + { + "product_name": "SpatialMatch IDX", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/spatialmatch-free-lifestyle-search/vulnerability/wordpress-spatialmatch-idx-plugin-3-0-9-csrf-to-stored-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/spatialmatch-free-lifestyle-search/vulnerability/wordpress-spatialmatch-idx-plugin-3-0-9-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53782.json b/2024/53xxx/CVE-2024-53782.json index 71cc29fbf30..21ef7a9e347 100644 --- a/2024/53xxx/CVE-2024-53782.json +++ b/2024/53xxx/CVE-2024-53782.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53782", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CMSaccount", + "product": { + "product_data": [ + { + "product_name": "Photo Video Store", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "21.07" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/photo-video-store/vulnerability/wordpress-photo-video-store-plugin-21-07-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/photo-video-store/vulnerability/wordpress-photo-video-store-plugin-21-07-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53784.json b/2024/53xxx/CVE-2024-53784.json index fccab5e7c2f..f25df6b359d 100644 --- a/2024/53xxx/CVE-2024-53784.json +++ b/2024/53xxx/CVE-2024-53784.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "E-goi", + "product": { + "product_data": [ + { + "product_name": "Smart Marketing SMS and Newsletters Forms", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "5.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/smart-marketing-for-wp/vulnerability/wordpress-smart-marketing-sms-and-newsletters-forms-plugin-5-0-9-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/smart-marketing-for-wp/vulnerability/wordpress-smart-marketing-sms-and-newsletters-forms-plugin-5-0-9-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53789.json b/2024/53xxx/CVE-2024-53789.json index 45e7ad1b468..c55addebcf2 100644 --- a/2024/53xxx/CVE-2024-53789.json +++ b/2024/53xxx/CVE-2024-53789.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ritesh Sanap", + "product": { + "product_data": [ + { + "product_name": "Advanced What should we write next about", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/advanced-what-should-we-write-about-next/vulnerability/wordpress-advanced-what-should-we-write-next-about-plugin-1-0-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/advanced-what-should-we-write-about-next/vulnerability/wordpress-advanced-what-should-we-write-next-about-plugin-1-0-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53792.json b/2024/53xxx/CVE-2024-53792.json index e48de5ea7db..5c8329c4f4b 100644 --- a/2024/53xxx/CVE-2024-53792.json +++ b/2024/53xxx/CVE-2024-53792.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kiboko Labs", + "product": { + "product_data": [ + { + "product_name": "Watu Quiz", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/watu/vulnerability/wordpress-watu-quiz-plugin-3-4-2-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/watu/vulnerability/wordpress-watu-quiz-plugin-3-4-2-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 8.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53793.json b/2024/53xxx/CVE-2024-53793.json index 6bda1171793..1afd56e4d7a 100644 --- a/2024/53xxx/CVE-2024-53793.json +++ b/2024/53xxx/CVE-2024-53793.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "eDoc Intelligence LLC", + "product": { + "product_data": [ + { + "product_name": "eDoc Easy Tables", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.29" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/edoc-easy-tables/vulnerability/wordpress-edoc-easy-tables-plugin-1-29-csrf-to-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/edoc-easy-tables/vulnerability/wordpress-edoc-easy-tables-plugin-1-29-csrf-to-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 8.2, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] }