admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-04 13:00:36 +00:00
parent b6c91afb88
commit 107919df2f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 227 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
2023/40xxx/CVE-2023-40735.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.\nThis issue affects BUTTERFLY BUTTON: As of 2023-08-21."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo \u2013 Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "BUTTERFLY BUTTON PROJECT",
"vendor_name": "Cavo \u2013 Connecting for a Safer World",
"product": {
"product_data": [
{
@ -40,16 +40,8 @@
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "As of 2023-08-21"
}
],
"defaultStatus": "affected"
}
"version_affected": "=",
"version_value": "As of 2023-08-21"
}
]
}

73
2024/10xxx/CVE-2024-10576.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10576",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Infinix devices contain a pre-loaded \"com.transsion.agingfunction\" application, that\u00a0exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.\u00a0\n\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-925 Improper Verification of Intent by Broadcast Receiver",
"cweId": "CWE-925"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Infinix Mobile",
"product": {
"product_data": [
{
"product_name": "com.transsion.agingfunction",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-10576/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/12/CVE-2024-10576/"
},
{
"url": "https://cert.pl/posts/2024/12/CVE-2024-10576/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/12/CVE-2024-10576/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Szymon Chadam"
}
]
}

86
2024/11xxx/CVE-2024-11935.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11935",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class\u2019 parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "neotrendy",
"product": {
"product_data": [
{
"product_name": "Email Address Obfuscation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b777b19-ca0a-4082-80ee-e18a31ba6308?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b777b19-ca0a-4082-80ee-e18a31ba6308?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-address-obfuscation/trunk/email-address-obfuscation.php#L38",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/email-address-obfuscation/trunk/email-address-obfuscation.php#L38"
},
{
"url": "https://wordpress.org/plugins/email-address-obfuscation/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/email-address-obfuscation/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3201993/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3201993/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Youcef Hamdani"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/12xxx/CVE-2024-12147.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

45
2024/52xxx/CVE-2024-52277.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** INITIAL LIMITED RELEASE **\nUser Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.This issue affects [WITHHELD]: through [WITHHELD]."
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.This issue affects DocuSeal: through 1.8.1, >1.8.1."
}
]
},
@ -32,17 +32,31 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "[WITHHELD]",
"vendor_name": "DocuSeal",
"product": {
"product_data": [
{
"product_name": "[WITHHELD]",
"product_name": "DocuSeal",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.8.1"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.8.1",
"status": "affected",
"version": "0",
"versionType": "git"
},
{
"status": "affected",
"version": ">1.8.1",
"versionType": "git"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -59,6 +73,21 @@
"url": "https://www.vulsec.org/advisories",
"refsource": "MISC",
"name": "https://www.vulsec.org/advisories"
},
{
"url": "https://github.com/docusealco/docuseal",
"refsource": "MISC",
"name": "https://github.com/docusealco/docuseal"
},
{
"url": "https://docuseal.com/",
"refsource": "MISC",
"name": "https://docuseal.com/"
},
{
"url": "https://docuseal.eu/",
"refsource": "MISC",
"name": "https://docuseal.eu/"
}
]
},
@ -75,10 +104,10 @@
{
"base64": false,
"type": "text/html",
"value": "[WITHHELD]"
"value": "<ul><li>If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection</li><li>If possible -&nbsp;Download the PDF file and perform full flattening (of the entire document, not just form fields)</li></ul><br>"
}
],
"value": "[WITHHELD]"
"value": "* If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\n * If possible -\u00a0Download the PDF file and perform full flattening (of the entire document, not just form fields)"
}
],
"exploit": [

18
2025/0xxx/CVE-2025-0050.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}