admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-15 12:00:54 +00:00
parent e2d2366b0f
commit 4794ca810a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 350 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2024/11xxx/CVE-2024-11848.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11848",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nitropack",
"product": {
"product_data": [
{
"product_name": "NitroPack \u2013 Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.17.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3211235/nitropack",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3211235/nitropack"
}
]
},
"credits": [
{
"lang": "en",
"value": "Sean Murphy"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}

76
2024/11xxx/CVE-2024-11851.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nitropack",
"product": {
"product_data": [
{
"product_name": "NitroPack \u2013 Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.17.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8945bae7-2224-4d9f-b693-10c94c94dea0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8945bae7-2224-4d9f-b693-10c94c94dea0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3211235/nitropack",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3211235/nitropack"
}
]
},
"credits": [
{
"lang": "en",
"value": "Sean Murphy"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

81
2024/12xxx/CVE-2024-12593.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "addonsorg",
"product": {
"product_data": [
{
"product_name": "PDF for WPForms + Drag and Drop Template Builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e6b24a2-55ed-40e7-bcf0-a9ceb8ea022c?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e6b24a2-55ed-40e7-bcf0-a9ceb8ea022c?source=cve"
},
{
"url": "https://wordpress.org/plugins/pdf-for-wpforms/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/pdf-for-wpforms/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3222206/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3222206/"
}
]
},
"credits": [
{
"lang": "en",
"value": "SOPROBRO"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

116
2025/0xxx/CVE-2025-0193.json
View File

@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the \"Login Message\" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are\u00a0continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions\u00a0or other impacts,\u00a0depending on the user's privileges."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "MGate 5121 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
},
{
"product_name": "MGate 5122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
},
{
"product_name": "MGate 5123 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ul><li>Minimize network exposure to ensure the device is not accessible from the Internet. </li></ul><ul><li>Ensure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only.</li></ul>"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n * Ensure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. </p><p></p><ul><li>MGate 5121 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources\">the firmware version 2.0</a>&nbsp;or later version</li><li><span style=\"background-color: var(--wht);\">MGate 5122 Series: Upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources\">the firmware version 2.0</a><span style=\"background-color: var(--wht);\">&nbsp;or later version</span></li><li><span style=\"background-color: var(--wht);\">MGate 5123 Series: Upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources\">the firmware version 2.0</a><span style=\"background-color: var(--wht);\">&nbsp;or later version</span></li></ul><p></p><br>"
}
],
"value": "Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. \n\n\n\n * MGate 5121 Series: Upgrade to the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources \u00a0or later version\n * MGate 5122 Series: Upgrade to the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources \u00a0or later version\n * MGate 5123 Series: Upgrade to the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources \u00a0or later version"
}
],
"credits": [
{
"lang": "en",
"value": "Dmitrii Mosichkin"
}
]
}

18
2025/23xxx/CVE-2025-23385.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}