admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-02 15:17:08 +00:00
parent 5dc5b9be54
commit 44011930ae
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
34 changed files with 813 additions and 1627 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2020/36xxx/CVE-2020-36826.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in AwesomestCode LiveBot ausgemacht. Betroffen hiervon ist die Funktion parseSend der Datei js/parseMessage.js. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Ein Aktualisieren auf die Version 0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 57505527f838d1e46e8f93d567ba552a30185bfa bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AwesomestCode",
"product": {
"product_data": [
{
"product_name": "LiveBot",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257784",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257784"
},
{
"url": "https://vuldb.com/?ctiid.257784",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257784"
},
{
"url": "https://github.com/AwesomestCode/LiveBot/commit/57505527f838d1e46e8f93d567ba552a30185bfa",
"refsource": "MISC",
"name": "https://github.com/AwesomestCode/LiveBot/commit/57505527f838d1e46e8f93d567ba552a30185bfa"
},
{
"url": "https://github.com/AwesomestCode/LiveBot/releases/tag/0.1",
"refsource": "MISC",
"name": "https://github.com/AwesomestCode/LiveBot/releases/tag/0.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2021/29xxx/CVE-2021-29155.json
View File

@ -116,6 +116,11 @@
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"
}
]
}

103
2021/47xxx/CVE-2021-47158.json
View File

@ -1,113 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47158",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: add error handling in sja1105_setup()\n\nIf any of sja1105_static_config_load(), sja1105_clocking_setup() or\nsja1105_devlink_setup() fails, we can't just return in the middle of\nsja1105_setup() or memory will leak. Add a cleanup path."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8aa9ebccae87",
"version_value": "dd8609f20344"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.42",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.9",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0"
},
{
"url": "https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563"
},
{
"url": "https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb"
}
]
},
"generator": {
"engine": "bippy-b4257b672505"
}
}

125
2021/47xxx/CVE-2021-47159.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47159",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix a crash if ->get_sset_count() fails\n\nIf ds->ops->get_sset_count() fails then it \"count\" is a negative error\ncode such as -EOPNOTSUPP. Because \"i\" is an unsigned int, the negative\nerror code is type promoted to a very high value and the loop will\ncorrupt memory until the system crashes.\n\nFix this by checking for error codes and changing the type of \"i\" to\njust int."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "badf3ada60ab",
"version_value": "0f2cb08c57ed"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.193",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.124",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.42",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.9",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37"
},
{
"url": "https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8"
},
{
"url": "https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6"
},
{
"url": "https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373"
},
{
"url": "https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83"
}
]
},
"generator": {
"engine": "bippy-b4257b672505"
}
}

125
2021/47xxx/CVE-2021-47160.json
View File

@ -1,135 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47160",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mt7530: fix VLAN traffic leaks\n\nPCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but\nwas not reset when it is disabled, which may cause traffic leaks:\n\n\tip link add br0 type bridge vlan_filtering 1\n\tip link add br1 type bridge vlan_filtering 1\n\tip link set swp0 master br0\n\tip link set swp1 master br1\n\tip link set br0 type bridge vlan_filtering 0\n\tip link set br1 type bridge vlan_filtering 0\n\t# traffic in br0 and br1 will start leaking to each other\n\nAs port_bridge_{add,del} have set up PCR_MATRIX properly, remove the\nPCR_MATRIX write from mt7530_port_set_vlan_aware."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "83163f7dca56",
"version_value": "ae389812733b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.16",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.193",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.124",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.42",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.9",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d"
},
{
"url": "https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488"
},
{
"url": "https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2"
},
{
"url": "https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e"
},
{
"url": "https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a"
}
]
},
"generator": {
"engine": "bippy-b4257b672505"
}
}

136
2021/47xxx/CVE-2021-47161.json
View File

@ -1,146 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-47161",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix a resource leak in an error handling path\n\n'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the\nerror handling path of the probe function, as already done in the remove\nfunction"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "90ba37033cb9",
"version_value": "10a089bae827"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.10",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.241",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.199",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.124",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.42",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.12.9",
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa"
},
{
"url": "https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d"
},
{
"url": "https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1"
},
{
"url": "https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e"
},
{
"url": "https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56"
},
{
"url": "https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e"
}
]
},
"generator": {
"engine": "bippy-b4257b672505"
}
}

50
2024/1xxx/CVE-2024-1394.json
View File

@ -246,6 +246,34 @@
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:9.2.10-8.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.1.1-2.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -300,18 +328,6 @@
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -882,6 +898,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1472"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1501",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1501"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1502",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1502"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1394",
"refsource": "MISC",

58
2024/21xxx/CVE-2024-21865.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21865",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of weak credentials"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.001.013 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/",
"refsource": "MISC",
"name": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}

58
2024/28xxx/CVE-2024-28041.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary command execution"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.001.013 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/",
"refsource": "MISC",
"name": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}

58
2024/29xxx/CVE-2024-29009.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ari Susanto",
"product": {
"product_data": [
{
"product_name": "easy-popup-show",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/easy-popup-show/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/easy-popup-show/"
},
{
"url": "https://jvn.jp/en/jp/JVN86206017/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN86206017/"
}
]
}

58
2024/29xxx/CVE-2024-29071.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of weak credentials"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.001.013 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/",
"refsource": "MISC",
"name": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}

58
2024/29xxx/CVE-2024-29216.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed IOCTL with Insufficient Access Control"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " Sangoma Technologies",
"product": {
"product_data": [
{
"product_name": "cg6kwin2k.sys",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 2.1.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download",
"refsource": "MISC",
"name": "https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90671953/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU90671953/"
}
]
}

61
2024/29xxx/CVE-2024-29301.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-29301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id="
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.strongboxit.com/",
"refsource": "MISC",
"name": "https://www.strongboxit.com/"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html",
"url": "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html"
}
]
}

61
2024/29xxx/CVE-2024-29302.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-29302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.strongboxit.com/",
"refsource": "MISC",
"name": "https://www.strongboxit.com/"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html",
"url": "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html"
}
]
}

61
2024/29xxx/CVE-2024-29303.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29303",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-29303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.strongboxit.com/",
"refsource": "MISC",
"name": "https://www.strongboxit.com/"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html",
"url": "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html"
}
]
}

56
2024/29xxx/CVE-2024-29442.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-29442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/yashpatelphd/CVE-2024-29442",
"url": "https://github.com/yashpatelphd/CVE-2024-29442"
}
]
}

5
2024/2xxx/CVE-2024-2625.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

5
2024/2xxx/CVE-2024-2626.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

5
2024/2xxx/CVE-2024-2627.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

5
2024/2xxx/CVE-2024-2628.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

5
2024/2xxx/CVE-2024-2629.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

5
2024/2xxx/CVE-2024-2630.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

5
2024/2xxx/CVE-2024-2631.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/"
}
]
}

102
2024/2xxx/CVE-2024-2873.json
View File

@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "facts@wolfssl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wolfSSL Inc.",
"product": {
"product_data": [
{
"product_name": "wolfSSH",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v1.4.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wolfSSL/wolfssh/pull/670",
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssh/pull/670"
},
{
"url": "https://github.com/wolfSSL/wolfssh/pull/671",
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssh/pull/671"
},
{
"url": "https://www.wolfssl.com/docs/security-vulnerabilities/",
"refsource": "MISC",
"name": "https://www.wolfssl.com/docs/security-vulnerabilities/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Requests:<br><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssh/pull/670\">https://github.com/wolfSSL/wolfssh/pull/670</a><br></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssh/pull/671\">https://github.com/wolfSSL/wolfssh/pull/671</a><br></li></ul></span>"
}
],
"value": "The fix for this issue is located in the following GitHub Pull Requests:\n * https://github.com/wolfSSL/wolfssh/pull/670 \n\n * https://github.com/wolfSSL/wolfssh/pull/671 \n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

113
2024/30xxx/CVE-2024-30177.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30177",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Exclusive Addons",
"product": {
"product_data": [
{
"product_name": "Exclusive Addons Elementor",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.6.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.6.9 or a higher version."
}
],
"value": "Update to 2.6.9 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Abu Hurayra (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30178.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30178",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Patrick Posner",
"product": {
"product_data": [
{
"product_name": "Simply Static",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.1.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/simply-static/wordpress-simply-static-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/simply-static/wordpress-simply-static-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.1.4 or a higher version."
}
],
"value": "Update to 3.1.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "CatFather (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30179.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30179",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BoldThemes",
"product": {
"product_data": [
{
"product_name": "Bold Page Builder",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.7.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.7.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.7.7 or a higher version."
}
],
"value": "Update to 4.7.7 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30180.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30180",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Easy Social Feed",
"product": {
"product_data": [
{
"product_name": "Easy Social Feed",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.5.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-plugin-6-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-plugin-6-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.5.4 or a higher version."
}
],
"value": "Update to 6.5.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30181.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30181",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Plainware",
"product": {
"product_data": [
{
"product_name": "Locatoraid Store Locator",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.9.31",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.30",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-30-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-30-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.9.31 or a higher version."
}
],
"value": "Update to 3.9.31 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30182.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30182",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HasThemes",
"product": {
"product_data": [
{
"product_name": "HT Mega",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.4.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.4.4 or a higher version."
}
],
"value": "Update to 2.4.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Abu Hurayra (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30183.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30183",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Livemesh",
"product": {
"product_data": [
{
"product_name": "Livemesh Addons for WPBakery Page Builder",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/addons-for-visual-composer/wordpress-wpbakery-page-builder-addons-by-livemesh-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/addons-for-visual-composer/wordpress-wpbakery-page-builder-addons-by-livemesh-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.8 or a higher version."
}
],
"value": "Update to 3.8 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Abu Hurayra (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30184.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30184",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 4.2.6.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Looking Forward Software Incorporated.",
"product": {
"product_data": [
{
"product_name": "Popup Builder",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.2.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.2.7 or a higher version."
}
],
"value": "Update to 4.2.7 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30185.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30185",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BdThemes",
"product": {
"product_data": [
{
"product_name": "Element Pack Elementor Addons",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.5.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.5.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.5.4 or a higher version."
}
],
"value": "Update to 5.5.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Abu Hurayra (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

113
2024/30xxx/CVE-2024-30186.json
View File

@ -1,122 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30186",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider \u2013 Addons For Elementor allows Stored XSS.This issue affects Prime Slider \u2013 Addons For Elementor: from n/a through 3.13.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BdThemes",
"product": {
"product_data": [
{
"product_name": "Prime Slider \u2013 Addons For Elementor",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.13.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.13.2 or a higher version."
}
],
"value": "Update to 3.13.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Abu Hurayra (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}