"-Synchronized-Data."

CVE Team 2024-03-07 20:00:33 +00:00
parent 25a1ad8f6d
commit 2f0d55d694
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
25 changed files with 422 additions and 23 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "xunruicms <=4.5.1 is vulnerable to Remote Code Execution."
"value": "xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request."
}
]
},


@ -58,6 +58,11 @@
"url": "https://support.apple.com/en-us/HT213488",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213488"
},
{
"url": "https://support.apple.com/kb/HT214084",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214084"
}
]
}
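Review bot: The Apple advisory added here is tagged `"refsource": "MISC"`, but the same URL, `https://support.apple.com/kb/HT214084`, is added with `"refsource": "CONFIRM"` in other records of this commit (the hunks at `@ -66,6 +66,26 @`, `@ -616,6 +616,11 @`, `@ -76,6 +76,11 @` and `@ -96,6 +96,11 @`). Tooling that picks out vendor-confirmed advisories by `refsource` will find the fix notice in some records and miss it in others. Tagging the vendor's own advisory the same way everywhere, `"refsource": "CONFIRM"`, would avoid that. The same applies to the other `support.apple.com/kb/` entries added as MISC further down; the existing `en-us` entries in those files also use MISC, so the per-file convention may need a decision first.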


@ -66,6 +66,26 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20231116-0002/",
"url": "https://security.netapp.com/advisory/ntap-20231116-0002/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214081",
"url": "https://support.apple.com/kb/HT214081"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214088",
"url": "https://support.apple.com/kb/HT214088"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214084",
"url": "https://support.apple.com/kb/HT214084"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214086",
"url": "https://support.apple.com/kb/HT214086"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Teeworlds v0.7.5 was discovered to contain memory leaks."
"value": "A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b",
"url": "https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b"
},
{
"refsource": "MISC",
"name": "https://www.redpacketsecurity.com/teeworlds-denial-of-service-cve-2023-31517/",
"url": "https://www.redpacketsecurity.com/teeworlds-denial-of-service-cve-2023-31517/"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "redis-7.0.10 was discovered to contain a segmentation violation."
"value": "redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors."
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection."
"value": "TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md",
"url": "https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md"
},
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md",
"url": "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue discovered in Langchain before 0.0.225 allows attacker to run arbitrary code via jira.run('other' substring."
"value": "Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper(). This vulnerability allows attackers to execute arbitrary code via providing crafted input."
}
]
},
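Review bot: The new description drops the one detail that told a reader where to look: the previous text named `jira.run` with the `'other'` argument, while the replacement says only "via providing crafted input" to `JiraAPIWrapper()`. Teams auditing their own use of the wrapper need the affected call path to judge exposure until they are on 0.0.225 or later. Consider keeping that pointer, for example by ending the sentence with `via crafted input to jira.run('other', ...)`. The rest of the record lies outside this hunk, so whether the detail is carried elsewhere cannot be checked from here.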


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Solon before 2.3.3 allows Deserialization of Untrusted Data."
"value": "A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload."
}
]
},
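Review bot: "A bypass in the component sofa-hessian" does not say what is bypassed, and the rewrite removes the weakness class that the old text stated (deserialization of untrusted data). Unless `problemtype` elsewhere in the record, outside this hunk, carries the matching CWE, triage tooling and readers lose the classification. Keeping the class in the sentence would fix both, e.g. `... allows attackers to execute arbitrary code via deserialization of a crafted payload.`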


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Phicomm k2 v22.6.529.216 is vulnerable to command injection."
"value": "Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call."
}
]
},


@ -68,6 +68,11 @@
"url": "https://support.apple.com/en-us/HT213983",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213983"
},
{
"url": "https://support.apple.com/kb/HT214084",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214084"
}
]
}


@ -616,6 +616,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-3fd1bc9276",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214084",
"url": "https://support.apple.com/kb/HT214084"
}
]
}


@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240105-0005/",
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214084",
"url": "https://support.apple.com/kb/HT214084"
}
]
}


@ -96,6 +96,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240105-0005/",
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT214084",
"url": "https://support.apple.com/kb/HT214084"
}
]
}


@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0203",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "UnitedOver",
"product": {
"product_data": [
{
"product_name": "Digits: WordPress Mobile Number Signup and Login",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve"
},
{
"url": "https://digits.unitedover.com/changelog/",
"refsource": "MISC",
"name": "https://digits.unitedover.com/changelog/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
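Review bot: The `version_data` entry marks only `8.4.1` as affected (`"version_affected": "="`), while the description says versions up to and including 8.4.1 are vulnerable. Scanners that match on the structured field rather than the prose would miss installs older than 8.4.1. The other Wordfence records in this commit (CVE-2024-2127, CVE-2024-2128) encode the same kind of range as `"version_affected": "<="` with `"version_name": "*"` and the upper bound in `version_value`. Using that form here would keep the two fields in agreement.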


@ -79,13 +79,13 @@
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
]
}


@ -85,6 +85,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jan/36"
},
{
"url": "https://support.apple.com/kb/HT214082",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214082"
}
]
}


@ -107,6 +107,21 @@
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jan/39"
},
{
"url": "https://support.apple.com/kb/HT214082",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214083",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214083"
},
{
"url": "https://support.apple.com/kb/HT214085",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214085"
}
]
}


@ -129,6 +129,21 @@
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jan/40"
},
{
"url": "https://support.apple.com/kb/HT214082",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214083",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214083"
},
{
"url": "https://support.apple.com/kb/HT214085",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214085"
}
]
}


@ -63,6 +63,36 @@
"url": "https://support.apple.com/en-us/HT214082",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214083",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214083"
},
{
"url": "https://support.apple.com/kb/HT214088",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214088"
},
{
"url": "https://support.apple.com/kb/HT214084",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214086",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214086"
},
{
"url": "https://support.apple.com/kb/HT214085",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214085"
},
{
"url": "https://support.apple.com/kb/HT214087",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214087"
}
]
}


@ -58,6 +58,26 @@
"url": "https://support.apple.com/en-us/HT214081",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/kb/HT214088",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214088"
},
{
"url": "https://support.apple.com/kb/HT214084",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214086",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214086"
},
{
"url": "https://support.apple.com/kb/HT214087",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214087"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "softaculous",
"product": {
"product_data": [
{
"product_name": "Page Builder: Pagelayer \u2013 Drag and Drop website builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.8.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpdevteam",
"product": {
"product_data": [
{
"product_name": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.9.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.10/EmbedPress/Elementor/Widgets/Embedpress_Pdf.php#L688",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.10/EmbedPress/Elementor/Widgets/Embedpress_Pdf.php#L688"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}