From 4c0357766e455c5fb8909ab954762ee466937c1f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 30 Oct 2024 12:00:30 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/10xxx/CVE-2024-10525.json | 74 +++++++++++++++++++++++++++--
 2024/10xxx/CVE-2024-10529.json | 18 +++++++
 2024/10xxx/CVE-2024-10530.json | 18 +++++++
 2024/10xxx/CVE-2024-10531.json | 18 +++++++
 2024/10xxx/CVE-2024-10532.json | 18 +++++++
 2024/10xxx/CVE-2024-10533.json | 18 +++++++
 2024/10xxx/CVE-2024-10534.json | 18 +++++++
 2024/10xxx/CVE-2024-10535.json | 18 +++++++
 2024/10xxx/CVE-2024-10536.json | 18 +++++++
 2024/10xxx/CVE-2024-10537.json | 18 +++++++
 2024/10xxx/CVE-2024-10538.json | 18 +++++++
 2024/3xxx/CVE-2024-3935.json | 74 +++++++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8512.json | 81 ++++++++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9388.json | 86 ++++++++++++++++++++++++++++++++--
 14 files changed, 477 insertions(+), 18 deletions(-)
 create mode 100644 2024/10xxx/CVE-2024-10529.json
 create mode 100644 2024/10xxx/CVE-2024-10530.json
 create mode 100644 2024/10xxx/CVE-2024-10531.json
 create mode 100644 2024/10xxx/CVE-2024-10532.json
 create mode 100644 2024/10xxx/CVE-2024-10533.json
 create mode 100644 2024/10xxx/CVE-2024-10534.json
 create mode 100644 2024/10xxx/CVE-2024-10535.json
 create mode 100644 2024/10xxx/CVE-2024-10536.json
 create mode 100644 2024/10xxx/CVE-2024-10537.json
 create mode 100644 2024/10xxx/CVE-2024-10538.json
diff --git a/2024/10xxx/CVE-2024-10525.json b/2024/10xxx/CVE-2024-10525.json
index 37d96ecfd25..8a1fe930545 100644
--- a/2024/10xxx/CVE-2024-10525.json
+++ b/2024/10xxx/CVE-2024-10525.json
@@ -1,18 +1,82 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10525",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@eclipse.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Eclipse Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mosquitto",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.3.2",
+ "version_value": "2.0.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190",
+ "refsource": "MISC",
+ "name": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190"
+ },
+ {
+ "url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/",
+ "refsource": "MISC",
+ "name": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Qingpeng Du"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10529.json b/2024/10xxx/CVE-2024-10529.json
new file mode 100644
index 00000000000..651295da819
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10529.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10529",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10530.json b/2024/10xxx/CVE-2024-10530.json
new file mode 100644
index 00000000000..46636147f88
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10530.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10530",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10531.json b/2024/10xxx/CVE-2024-10531.json
new file mode 100644
index 00000000000..85ac995db4d
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10531.json
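Review bot: CVE-2024-10525.json goes PUBLIC without an `impact` block, so consumers that triage on `baseScore` will treat it as unscored; CVE-2024-3935.json in this commit has the same gap, while the two Wordfence records carry CVSS 3.1 data. The assigner should supply an entry of the form `"impact": { "cvss": [ { "version": "3.1", "vectorString": "PLACEHOLDER_VECTOR_FROM_CNA" } ] }`. The `problemtype` of CWE-122 (heap-based buffer overflow) also reads stronger than the description's "out of bounds memory access", so it is worth confirming upstream whether this is a write or a read. In both Eclipse records the lower bound of the range sits in `version_name` with `"<="` applying to `version_value`; tooling that evaluates only the operator and `version_value` will presumably also match releases older than the stated lower bound.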
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10531",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10532.json b/2024/10xxx/CVE-2024-10532.json
new file mode 100644
index 00000000000..17d7c3df674
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10532.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10532",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10533.json b/2024/10xxx/CVE-2024-10533.json
new file mode 100644
index 00000000000..d1ab3a3df19
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10533.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10533",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10534.json b/2024/10xxx/CVE-2024-10534.json
new file mode 100644
index 00000000000..2fcf8f86f25
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10534.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10534",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10535.json b/2024/10xxx/CVE-2024-10535.json
new file mode 100644
index 00000000000..a8a6d1a61c9
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10535.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10535",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10536.json b/2024/10xxx/CVE-2024-10536.json
new file mode 100644
index 00000000000..c0cb992f12b
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10536.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10536",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10537.json b/2024/10xxx/CVE-2024-10537.json
new file mode 100644
index 00000000000..a23588f89a6
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10537.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10537",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10538.json b/2024/10xxx/CVE-2024-10538.json
new file mode 100644
index 00000000000..848d2202866
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10538.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10538",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3935.json b/2024/3xxx/CVE-2024-3935.json
index b3f4b20b83b..d87e881d8f0 100644
--- a/2024/3xxx/CVE-2024-3935.json
+++ b/2024/3xxx/CVE-2024-3935.json
@@ -1,18 +1,82 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3935",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@eclipse.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-415 Double Free",
+ "cweId": "CWE-415"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Eclipse Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mosquitto",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "2.0.0",
+ "version_value": "2.0.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197",
+ "refsource": "MISC",
+ "name": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197"
+ },
+ {
+ "url": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/",
+ "refsource": "MISC",
+ "name": "https://mosquitto.org/blog/2024/10/version-2-0-19-released/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "song xiangpu"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8512.json b/2024/8xxx/CVE-2024-8512.json
index b246f8597cc..fa39d7a876e 100644
--- a/2024/8xxx/CVE-2024-8512.json
+++ b/2024/8xxx/CVE-2024-8512.json
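Review bot: The description in CVE-2024-3935.json spells the product "Eclipse Mosquito", while `product_name` in the same record is `mosquitto` and CVE-2024-10525.json in this commit writes "Eclipse Mosquitto". Description-based keyword matching in scanners and advisory feeds can miss the record because of this. The value should begin `"In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, ..."`. The text comes from the assigner (`security@eclipse.org`), so the correction belongs upstream rather than in this synchronized copy.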
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8512",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(). This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
+ "cweId": "CWE-95"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "w3speedster",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "W3SPEEDSTER",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "7.26"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3175640/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3175640/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lesor101"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9388.json b/2024/9xxx/CVE-2024-9388.json
index 9a54ae57044..c5bd92260ef 100644
--- a/2024/9xxx/CVE-2024-9388.json
+++ b/2024/9xxx/CVE-2024-9388.json
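Review bot: One reference in CVE-2024-8512.json points at a moving target: `.../w3speedster-wp/trunk/w3speedster.php#L740` is a line anchor on trunk, so it stops showing the vulnerable code once a later commit shifts or rewrites that line. CVE-2024-9388.json has the same problem with `.../black-widgets/trunk/includes/class-bw.php#L95`. Each should be pinned to the tagged revision of the last affected release (7.26 and 1.3.7 respectively), along the lines of `.../browser/w3speedster-wp/tags/PLACEHOLDER_AFFECTED_TAG/w3speedster.php#L740`. The changeset references (`changeset/3175640/`, `changeset/3178366/`) are stable and can stay as they are.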
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9388",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "modernaweb",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Black Widgets For Elementor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.3.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/618c72b1-363b-41ad-939d-ab2a3b4d579c?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/618c72b1-363b-41ad-939d-ab2a3b4d579c?source=cve"
+ },
+ {
+ "url": "https://wordpress.org/plugins/black-widgets/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/black-widgets/#developers"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/black-widgets/trunk/includes/class-bw.php#L95",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/black-widgets/trunk/includes/class-bw.php#L95"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3178366/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3178366/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Francesco Carlucci"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }