admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-26 12:00:33 +00:00
parent 82714bc080
commit 56110f0b52
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 293 additions and 445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
2022/25xxx/CVE-2022-25773.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mautic.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n * Improper Limitation of a Pathname to a Restricted Directory:\u00a0A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mautic",
"product": {
"product_data": [
{
"product_name": "mautic/core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 5.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf",
"refsource": "MISC",
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "GHSA-4w2w-36vm-c8hf",
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

133
2022/49xxx/CVE-2022-49101.json
View File

@ -5,143 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2022-49101",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32\n\nThe sched_clock() can be used very early since commit 857baa87b642\n(\"sched/clock: Enable sched clock early\"). In addition, with commit\n38669ba205d1 (\"x86/xen/time: Output xen sched_clock time from 0\"), kdump\nkernel in Xen HVM guest may panic at very early stage when accessing\n&__this_cpu_read(xen_vcpu)->time as in below:\n\nsetup_arch()\n -> init_hypervisor_platform()\n -> x86_init.hyper.init_platform = xen_hvm_guest_init()\n -> xen_hvm_init_time_ops()\n -> xen_clocksource_read()\n -> src = &__this_cpu_read(xen_vcpu)->time;\n\nThis is because Xen HVM supports at most MAX_VIRT_CPUS=32 'vcpu_info'\nembedded inside 'shared_info' during early stage until xen_vcpu_setup() is\nused to allocate/relocate 'vcpu_info' for boot cpu at arbitrary address.\n\nHowever, when Xen HVM guest panic on vcpu >= 32, since\nxen_vcpu_info_reset(0) would set per_cpu(xen_vcpu, cpu) = NULL when\nvcpu >= 32, xen_clocksource_read() on vcpu >= 32 would panic.\n\nThis patch calls xen_hvm_init_time_ops() again later in\nxen_hvm_smp_prepare_boot_cpu() after the 'vcpu_info' for boot vcpu is\nregistered when the boot vcpu is >= 32.\n\nThis issue can be reproduced on purpose via below command at the guest\nside when kdump/kexec is enabled:\n\n\"taskset -c 33 echo c > /proc/sysrq-trigger\"\n\nThe bugfix for PVM is not implemented due to the lack of testing\nenvironment.\n\n[boris: xen_hvm_init_time_ops() returns on errors instead of jumping to end]"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "0848767dee78c00c5646eef9b3201ee14ce68563"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.238",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.189",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.111",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.34",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.20",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.3",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0848767dee78c00c5646eef9b3201ee14ce68563",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0848767dee78c00c5646eef9b3201ee14ce68563"
},
{
"url": "https://git.kernel.org/stable/c/8a7462b5211cd5b74b8815034d038e28cbd96d52",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8a7462b5211cd5b74b8815034d038e28cbd96d52"
},
{
"url": "https://git.kernel.org/stable/c/a2a0e04f6478e8c1038db64717f3fafd55de1420",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a2a0e04f6478e8c1038db64717f3fafd55de1420"
},
{
"url": "https://git.kernel.org/stable/c/5c0750cad73350e1c504eb91a94093a79f6f6296",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5c0750cad73350e1c504eb91a94093a79f6f6296"
},
{
"url": "https://git.kernel.org/stable/c/be63f365f454e39d09c41bbd21ea72b5244160b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/be63f365f454e39d09c41bbd21ea72b5244160b5"
},
{
"url": "https://git.kernel.org/stable/c/b6f6b353d6c765b83c9e5e518a44ca1ae40fe227",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b6f6b353d6c765b83c9e5e518a44ca1ae40fe227"
},
{
"url": "https://git.kernel.org/stable/c/eed05744322da07dd7e419432dcedf3c2e017179",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eed05744322da07dd7e419432dcedf3c2e017179"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

154
2022/49xxx/CVE-2022-49181.json
View File

@ -5,164 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2022-49181",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: fix is_xen_pmu()\n\nis_xen_pmu() is taking the cpu number as parameter, but it is not using\nit. Instead it just tests whether the Xen PMU initialization on the\ncurrent cpu did succeed. As this test is done by checking a percpu\npointer, preemption needs to be disabled in order to avoid switching\nthe cpu while doing the test. While resuming from suspend() this seems\nnot to be the case:\n\n[ 88.082751] ACPI: PM: Low-level resume complete\n[ 88.087933] ACPI: EC: EC started\n[ 88.091464] ACPI: PM: Restoring platform NVS memory\n[ 88.097166] xen_acpi_processor: Uploading Xen processor PM info\n[ 88.103850] Enabling non-boot CPUs ...\n[ 88.108128] installing Xen timer for CPU 1\n[ 88.112763] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-sleep/7138\n[ 88.122256] caller is is_xen_pmu+0x12/0x30\n[ 88.126937] CPU: 0 PID: 7138 Comm: systemd-sleep Tainted: G W 5.16.13-2.fc32.qubes.x86_64 #1\n[ 88.137939] Hardware name: Star Labs StarBook/StarBook, BIOS 7.97 03/21/2022\n[ 88.145930] Call Trace:\n[ 88.148757] <TASK>\n[ 88.151193] dump_stack_lvl+0x48/0x5e\n[ 88.155381] check_preemption_disabled+0xde/0xe0\n[ 88.160641] is_xen_pmu+0x12/0x30\n[ 88.164441] xen_smp_intr_init_pv+0x75/0x100\n\nFix that by replacing is_xen_pmu() by a simple boolean variable which\nreflects the Xen PMU initialization state on cpu 0.\n\nModify xen_pmu_init() to return early in case it is being called for a\ncpu other than cpu 0 and the boolean variable not being set."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "bf6dfb154d935725c9a2005033ca33017b9df439",
"version_value": "e9f72105cf4a16bb185093b60fc12dbc82fe15b5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.276",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.238",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.189",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e9f72105cf4a16bb185093b60fc12dbc82fe15b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9f72105cf4a16bb185093b60fc12dbc82fe15b5"
},
{
"url": "https://git.kernel.org/stable/c/d533c4a2e8c4ca3a0fe84d295a7bd43af1931028",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d533c4a2e8c4ca3a0fe84d295a7bd43af1931028"
},
{
"url": "https://git.kernel.org/stable/c/ab2c789d1c0a3d0a682f7aa287754193471ff9f8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ab2c789d1c0a3d0a682f7aa287754193471ff9f8"
},
{
"url": "https://git.kernel.org/stable/c/e9445a7a59d84ed3ae6c85f299d2a6c4930b1ee9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e9445a7a59d84ed3ae6c85f299d2a6c4930b1ee9"
},
{
"url": "https://git.kernel.org/stable/c/af884b276b08e2b7e74c2b9208df35f36fa6a54c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/af884b276b08e2b7e74c2b9208df35f36fa6a54c"
},
{
"url": "https://git.kernel.org/stable/c/980bc42812c0a4788aee4b519bc911bfb911c23c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/980bc42812c0a4788aee4b519bc911bfb911c23c"
},
{
"url": "https://git.kernel.org/stable/c/26911a822148bef5dcfc55e7df49cb05a18737e3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/26911a822148bef5dcfc55e7df49cb05a18737e3"
},
{
"url": "https://git.kernel.org/stable/c/de2ae403b4c0e79a3410e63bc448542fbb9f9bfc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/de2ae403b4c0e79a3410e63bc448542fbb9f9bfc"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

8
2022/49xxx/CVE-2022-49355.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

144
2022/49xxx/CVE-2022-49660.json
View File

@ -5,154 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2022-49660",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/arm: Fix race in RB-tree based P2M accounting\n\nDuring the PV driver life cycle the mappings are added to\nthe RB-tree by set_foreign_p2m_mapping(), which is called from\ngnttab_map_refs() and are removed by clear_foreign_p2m_mapping()\nwhich is called from gnttab_unmap_refs(). As both functions end\nup calling __set_phys_to_machine_multi() which updates the RB-tree,\nthis function can be called concurrently.\n\nThere is already a \"p2m_lock\" to protect against concurrent accesses,\nbut the problem is that the first read of \"phys_to_mach.rb_node\"\nin __set_phys_to_machine_multi() is not covered by it, so this might\nlead to the incorrect mappings update (removing in our case) in RB-tree.\n\nIn my environment the related issue happens rarely and only when\nPV net backend is running, the xen_add_phys_to_mach_entry() claims\nthat it cannot add new pfn <-> mfn mapping to the tree since it is\nalready exists which results in a failure when mapping foreign pages.\n\nBut there might be other bad consequences related to the non-protected\nroot reads such use-after-free, etc.\n\nWhile at it, also fix the similar usage in __pfn_to_mfn(), so\ninitialize \"struct rb_node *n\" with the \"p2m_lock\" held in both\nfunctions to avoid possible bad consequences.\n\nThis is CVE-2022-33744 / XSA-406."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "856d1b8e6e826b5087f1ea3fdbabda3557d73599"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.9.322",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.287",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.251",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.204",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.129",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.53",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18.10",
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.19",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/856d1b8e6e826b5087f1ea3fdbabda3557d73599",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/856d1b8e6e826b5087f1ea3fdbabda3557d73599"
},
{
"url": "https://git.kernel.org/stable/c/01b86faa64b1f5aa04c0b3ca2001b0a8474f3006",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01b86faa64b1f5aa04c0b3ca2001b0a8474f3006"
},
{
"url": "https://git.kernel.org/stable/c/274cb74da15ed13292fcec9097f04332eb3eea17",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/274cb74da15ed13292fcec9097f04332eb3eea17"
},
{
"url": "https://git.kernel.org/stable/c/5c03cad51b84fb26ccea7fd99130d8ec47949cfc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5c03cad51b84fb26ccea7fd99130d8ec47949cfc"
},
{
"url": "https://git.kernel.org/stable/c/43c8d33ce353091f15312cb6de3531517d7bba90",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/43c8d33ce353091f15312cb6de3531517d7bba90"
},
{
"url": "https://git.kernel.org/stable/c/9f83c8f6ab14bbf4311b70bf1b7290d131059101",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9f83c8f6ab14bbf4311b70bf1b7290d131059101"
},
{
"url": "https://git.kernel.org/stable/c/efd9826d4c08abac7e8840757e3e1bfcf2876f70",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/efd9826d4c08abac7e8840757e3e1bfcf2876f70"
},
{
"url": "https://git.kernel.org/stable/c/b75cd218274e01d026dc5240e86fdeb44bbed0c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b75cd218274e01d026dc5240e86fdeb44bbed0c8"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}

8
2022/49xxx/CVE-2022-49689.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-49689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

103
2024/47xxx/CVE-2024-47053.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mautic.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n * Improper Authorization:\u00a0An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions > View Own\" and \"Reporting Permissions > View Others\" permissions, which should restrict access to non-System Reports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mautic",
"product": {
"product_data": [
{
"product_name": "mautic/core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": ">= 1.0.1",
"version_value": "< 5.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc",
"refsource": "MISC",
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc"
},
{
"url": "https://cwe.mitre.org/data/definitions/287.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"url": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings",
"refsource": "MISC",
"name": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "GHSA-8xv7-g2q3-fqgc",
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Disable the API in Mautic. See <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings\">documentation</a>.</p>"
}
],
"value": "Disable the API in Mautic. See documentation https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings ."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

91
2024/6xxx/CVE-2024-6810.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "quizorganizer",
"product": {
"product_data": [
{
"product_name": "Quiz Organizer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/651646b0-231f-401c-9f6d-d414609bd7ba?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/651646b0-231f-401c-9f6d-d414609bd7ba?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/quiz-organizer/trunk/src/includes/admin/admin-modify-quiz.php#L230",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/quiz-organizer/trunk/src/includes/admin/admin-modify-quiz.php#L230"
},
{
"url": "https://plugins.trac.wordpress.org/browser/quiz-organizer/trunk/src/includes/admin/admin-modify-quiz.php#L570",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/quiz-organizer/trunk/src/includes/admin/admin-modify-quiz.php#L570"
},
{
"url": "https://wordpress.org/plugins/quiz-organizer/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/quiz-organizer/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/quiz-organizer/trunk/src/includes/sets/class-qzorg-plug-shortcode.php#L508",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/quiz-organizer/trunk/src/includes/sets/class-qzorg-plug-shortcode.php#L508"
}
]
},
"credits": [
{
"lang": "en",
"value": "Artem Polynko"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2025/1xxx/CVE-2025-1715.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}