From 364a74811bd1805a06bec3756ae4773206e44a82 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 5 Sep 2024 00:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/45xxx/CVE-2024-45429.json | 79 ++++++++++++++++++++++++++++++++-- 2024/45xxx/CVE-2024-45692.json | 72 +++++++++++++++++++++++++++++++ 2 files changed, 147 insertions(+), 4 deletions(-) create mode 100644 2024/45xxx/CVE-2024-45692.json diff --git a/2024/45xxx/CVE-2024-45429.json b/2024/45xxx/CVE-2024-45429.json index be1d72419bc..97677ee3f67 100644 --- a/2024/45xxx/CVE-2024-45429.json +++ b/2024/45xxx/CVE-2024-45429.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WP Engine", + "product": { + "product_data": [ + { + "product_name": "Advanced Custom Fields", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.3.5 and earlier" + } + ] + } + }, + { + "product_name": "Advanced Custom Fields Pro", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.3.5 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.advancedcustomfields.com/blog/acf-6-3-6/", + "refsource": "MISC", + "name": "https://www.advancedcustomfields.com/blog/acf-6-3-6/" + }, + { + "url": "https://wordpress.org/plugins/advanced-custom-fields/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/advanced-custom-fields/" + }, + { + "url": "https://www.advancedcustomfields.com/", + "refsource": "MISC", + "name": "https://www.advancedcustomfields.com/" + }, + { + "url": "https://jvn.jp/en/jp/JVN67963942/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN67963942/" } ] } diff --git a/2024/45xxx/CVE-2024-45692.json b/2024/45xxx/CVE-2024-45692.json new file mode 100644 index 00000000000..965c56b546b --- /dev/null +++ b/2024/45xxx/CVE-2024-45692.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-45692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cispa.de/en/loop-dos", + "refsource": "MISC", + "name": "https://cispa.de/en/loop-dos" + }, + { + "url": "https://webmin.com", + "refsource": "MISC", + "name": "https://webmin.com" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/09/04/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2024/09/04/1" + } + ] + } +} \ No newline at end of file