diff --git a/2024/48xxx/CVE-2024-48091.json b/2024/48xxx/CVE-2024-48091.json index 3e9d1cc31b2..011e711ea5d 100644 --- a/2024/48xxx/CVE-2024-48091.json +++ b/2024/48xxx/CVE-2024-48091.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48091", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48091", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tallysolutions.com/download/", + "refsource": "MISC", + "name": "https://tallysolutions.com/download/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/singhmanpreet493/0f1df7fa4e744a3317877ab85d187937#file-gistfile1-txt", + "url": "https://gist.github.com/singhmanpreet493/0f1df7fa4e744a3317877ab85d187937#file-gistfile1-txt" } ] } diff --git a/2024/52xxx/CVE-2024-52881.json b/2024/52xxx/CVE-2024-52881.json index 2eeb74ca377..d066335968e 100644 --- a/2024/52xxx/CVE-2024-52881.json +++ b/2024/52xxx/CVE-2024-52881.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-52881", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-52881", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center", + "url": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-079.txt", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-079.txt" } ] } diff --git a/2024/52xxx/CVE-2024-52882.json b/2024/52xxx/CVE-2024-52882.json index 90373243905..ed22bcc872f 100644 --- a/2024/52xxx/CVE-2024-52882.json +++ b/2024/52xxx/CVE-2024-52882.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-52882", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-52882", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center", + "url": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-076.txt", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-076.txt" } ] } diff --git a/2024/52xxx/CVE-2024-52883.json b/2024/52xxx/CVE-2024-52883.json index 19cc63185df..2dc8e6e1416 100644 --- a/2024/52xxx/CVE-2024-52883.json +++ b/2024/52xxx/CVE-2024-52883.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-52883", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-52883", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center", + "url": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-075.txt", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-075.txt" } ] } diff --git a/2024/52xxx/CVE-2024-52884.json b/2024/52xxx/CVE-2024-52884.json index c9b5c7f279d..ee1cd796276 100644 --- a/2024/52xxx/CVE-2024-52884.json +++ b/2024/52xxx/CVE-2024-52884.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-52884", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-52884", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs", + "url": "https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt" } ] } diff --git a/2024/55xxx/CVE-2024-55213.json b/2024/55xxx/CVE-2024-55213.json index 65c000b2299..eca60f5a720 100644 --- a/2024/55xxx/CVE-2024-55213.json +++ b/2024/55xxx/CVE-2024-55213.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55213", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55213", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://dhtmlx.com/docs/products/demoApps/dhtmlxFileExplorerDemo/", + "refsource": "MISC", + "name": "https://dhtmlx.com/docs/products/demoApps/dhtmlxFileExplorerDemo/" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/189020", + "url": "https://packetstorm.news/files/id/189020" } ] } diff --git a/2024/55xxx/CVE-2024-55214.json b/2024/55xxx/CVE-2024-55214.json index 947498cb447..0bb91943efc 100644 --- a/2024/55xxx/CVE-2024-55214.json +++ b/2024/55xxx/CVE-2024-55214.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55214", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55214", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://dhtmlx.com", + "url": "https://dhtmlx.com" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/189018", + "url": "https://packetstorm.news/files/id/189018" } ] } diff --git a/2024/57xxx/CVE-2024-57248.json b/2024/57xxx/CVE-2024-57248.json index 1f079e187a6..90266daa3ea 100644 --- a/2024/57xxx/CVE-2024-57248.json +++ b/2024/57xxx/CVE-2024-57248.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57248", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57248", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gleamtech.com/filevista", + "refsource": "MISC", + "name": "https://www.gleamtech.com/filevista" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/189021", + "url": "https://packetstorm.news/files/id/189021" } ] } diff --git a/2024/57xxx/CVE-2024-57249.json b/2024/57xxx/CVE-2024-57249.json index 24aa2beafc0..9a3028cd637 100644 --- a/2024/57xxx/CVE-2024-57249.json +++ b/2024/57xxx/CVE-2024-57249.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57249", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57249", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gleamtech.com/filevista", + "refsource": "MISC", + "name": "https://www.gleamtech.com/filevista" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/189019", + "url": "https://packetstorm.news/files/id/189019" } ] } diff --git a/2024/57xxx/CVE-2024-57610.json b/2024/57xxx/CVE-2024-57610.json index d10ace8d463..cbd374aaae2 100644 --- a/2024/57xxx/CVE-2024-57610.json +++ b/2024/57xxx/CVE-2024-57610.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users." + "value": "** DISPUTED ** A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is that the Sylius core software is not intended to address brute-force attacks; instead, customers deploying a Sylius-based system are supposed to use \"firewalls, rate-limiting middleware, or authentication providers\" for that functionality." } ] }, diff --git a/2024/57xxx/CVE-2024-57707.json b/2024/57xxx/CVE-2024-57707.json index a865a3b08e8..2715b48c036 100644 --- a/2024/57xxx/CVE-2024-57707.json +++ b/2024/57xxx/CVE-2024-57707.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57707", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57707", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/shigophilo/CVE/blob/main/DataEase-v1-code-execute.md", + "refsource": "MISC", + "name": "https://github.com/shigophilo/CVE/blob/main/DataEase-v1-code-execute.md" } ] } diff --git a/2024/7xxx/CVE-2024-7419.json b/2024/7xxx/CVE-2024-7419.json index d0db1d98463..452a7e1f8b2 100644 --- a/2024/7xxx/CVE-2024-7419.json +++ b/2024/7xxx/CVE-2024-7419.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \r\nAs a prerequisite, the custom export field should include fields containing user-supplied data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WP All Import", + "product": { + "product_data": [ + { + "product_name": "WP All Export Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve" + }, + { + "url": "https://www.wpallimport.com/upgrade-to-wp-all-export-pro/", + "refsource": "MISC", + "name": "https://www.wpallimport.com/upgrade-to-wp-all-export-pro/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/9xxx/CVE-2024-9661.json b/2024/9xxx/CVE-2024-9661.json index de54d29673b..d56fc2e92f9 100644 --- a/2024/9xxx/CVE-2024-9661.json +++ b/2024/9xxx/CVE-2024-9661.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Soflyy", + "product": { + "product_data": [ + { + "product_name": "WP All Import Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5f8659a-fb3f-4df3-85a6-979751627a9c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5f8659a-fb3f-4df3-85a6-979751627a9c?source=cve" + }, + { + "url": "https://www.wpallimport.com", + "refsource": "MISC", + "name": "https://www.wpallimport.com" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9664.json b/2024/9xxx/CVE-2024-9664.json index 740c7846bc2..c91943f87d9 100644 --- a/2024/9xxx/CVE-2024-9664.json +++ b/2024/9xxx/CVE-2024-9664.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Soflyy", + "product": { + "product_data": [ + { + "product_name": "WP All Import Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0099a8d7-827d-4215-9a2b-b3c268fb5e97?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0099a8d7-827d-4215-9a2b-b3c268fb5e97?source=cve" + }, + { + "url": "https://www.wpallimport.com/", + "refsource": "MISC", + "name": "https://www.wpallimport.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2025/1xxx/CVE-2025-1103.json b/2025/1xxx/CVE-2025-1103.json index 249e54d45e6..86655056e6f 100644 --- a/2025/1xxx/CVE-2025-1103.json +++ b/2025/1xxx/CVE-2025-1103.json @@ -1,17 +1,127 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in D-Link DIR-823X 240126/240802 gefunden. Dabei betrifft es die Funktion set_wifi_blacklists der Datei /goform/set_wifi_blacklists der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments macList mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-823X", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "240126" + }, + { + "version_affected": "=", + "version_value": "240802" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.294933", + "refsource": "MISC", + "name": "https://vuldb.com/?id.294933" + }, + { + "url": "https://vuldb.com/?ctiid.294933", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.294933" + }, + { + "url": "https://vuldb.com/?submit.489603", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.489603" + }, + { + "url": "https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73", + "refsource": "MISC", + "name": "https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73" + }, + { + "url": "https://www.dlink.com/", + "refsource": "MISC", + "name": "https://www.dlink.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "hand_king (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.8, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C" } ] } diff --git a/2025/26xxx/CVE-2025-26389.json b/2025/26xxx/CVE-2025-26389.json new file mode 100644 index 00000000000..05843f1c9ef --- /dev/null +++ b/2025/26xxx/CVE-2025-26389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26390.json b/2025/26xxx/CVE-2025-26390.json new file mode 100644 index 00000000000..b5678879721 --- /dev/null +++ b/2025/26xxx/CVE-2025-26390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file