From 60097c6f0eef35663230ad94e1a43a96c5ecc1aa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Nov 2024 06:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1394.json | 38 +++++------ 2024/38xxx/CVE-2024-38826.json | 69 ++++++++++++++++++-- 2024/51xxx/CVE-2024-51571.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51572.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51573.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51574.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51575.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51788.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51789.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51790.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51791.json | 113 +++++++++++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51792.json | 85 +++++++++++++++++++++++-- 2024/51xxx/CVE-2024-51793.json | 85 +++++++++++++++++++++++-- 13 files changed, 1003 insertions(+), 67 deletions(-) diff --git a/2024/1xxx/CVE-2024-1394.json b/2024/1xxx/CVE-2024-1394.json index 3b8d038dbeb..bd63aeaff76 100644 --- a/2024/1xxx/CVE-2024-1394.json +++ b/2024/1xxx/CVE-2024-1394.json @@ -629,7 +629,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el9", + "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -692,7 +692,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "1:1.29.1-2.2.rhaos4.13.el8", + "version": "1:1.29.1-2.2.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -720,7 +720,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el8", + "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -734,7 +734,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.26.0-4.2.el9", + "version": "0:1.26.0-4.1.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -776,7 +776,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-6.2.rhaos4.13.el9", + "version": "3:4.4.1-5.2.rhaos4.13.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -804,7 +804,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.11.2-2.2.rhaos4.13.el8", + "version": "2:1.11.2-2.2.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -853,7 +853,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9", + "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -867,7 +867,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.0-3.1.el9", + "version": "0:1.27.0-3.1.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -909,7 +909,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8", + "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -923,7 +923,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-11.3.rhaos4.14.el8", + "version": "3:4.4.1-11.3.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -937,7 +937,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.11.2-10.3.rhaos4.14.el9", + "version": "2:1.11.2-10.3.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -979,7 +979,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:2.1.7-3.4.rhaos4.14.el8", + "version": "3:2.1.7-3.4.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1007,7 +1007,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9", + "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1049,7 +1049,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8", + "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1133,7 +1133,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-11.4.rhaos4.14.el8", + "version": "3:4.4.1-11.4.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1147,7 +1147,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "4:1.1.12-1.2.rhaos4.14.el9", + "version": "4:1.1.12-1.2.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1210,7 +1210,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "1:1.29.1-20.3.rhaos4.15.el9", + "version": "1:1.29.1-20.3.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1252,7 +1252,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8", + "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1336,7 +1336,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "4:1.1.12-1.1.rhaos4.15.el9", + "version": "4:1.1.12-1.1.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" diff --git a/2024/38xxx/CVE-2024-38826.json b/2024/38xxx/CVE-2024-38826.json index 120fcd2782d..52b68c06a0b 100644 --- a/2024/38xxx/CVE-2024-38826.json +++ b/2024/38xxx/CVE-2024-38826.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38826", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.\n\nThe Cloud Foundry project recommends upgrading the following releases:\n\n * Upgrade capi release version to 1.194.0 or greater\n * Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cloud Foundry", + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "1.194", + "status": "affected", + "version": "0", + "versionType": "OSS" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack/", + "refsource": "MISC", + "name": "https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/51xxx/CVE-2024-51571.json b/2024/51xxx/CVE-2024-51571.json index 3befbeb09a8..f6d7378d982 100644 --- a/2024/51xxx/CVE-2024-51571.json +++ b/2024/51xxx/CVE-2024-51571.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MasterBip MasterBip para Elementor allows DOM-Based XSS.This issue affects MasterBip para Elementor: from n/a through 1.6.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MasterBip", + "product": { + "product_data": [ + { + "product_name": "MasterBip para Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.6.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/masterbip-for-elementor/wordpress-masterbip-para-elementor-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/masterbip-for-elementor/wordpress-masterbip-para-elementor-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gab (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51572.json b/2024/51xxx/CVE-2024-51572.json index bb177eb60ba..8518a428daf 100644 --- a/2024/51xxx/CVE-2024-51572.json +++ b/2024/51xxx/CVE-2024-51572.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peter Shaw LH QR Codes allows Stored XSS.This issue affects LH QR Codes: from n/a through 1.06." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Peter Shaw", + "product": { + "product_data": [ + { + "product_name": "LH QR Codes", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/lh-qr-codes/wordpress-lh-qr-codes-plugin-1-06-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/lh-qr-codes/wordpress-lh-qr-codes-plugin-1-06-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51573.json b/2024/51xxx/CVE-2024-51573.json index f32bfa9b145..c2ef594e312 100644 --- a/2024/51xxx/CVE-2024-51573.json +++ b/2024/51xxx/CVE-2024-51573.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matthew Lillistone ML Responsive Audio player with playlist Shortcode allows Stored XSS.This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through 0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Matthew Lillistone", + "product": { + "product_data": [ + { + "product_name": "ML Responsive Audio player with playlist Shortcode", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mlr-audio/wordpress-ml-responsive-audio-plugin-0-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mlr-audio/wordpress-ml-responsive-audio-plugin-0-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51574.json b/2024/51xxx/CVE-2024-51574.json index b6284250b04..cbead56d18d 100644 --- a/2024/51xxx/CVE-2024-51574.json +++ b/2024/51xxx/CVE-2024-51574.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Simple Goods allows Stored XSS.This issue affects Simple Goods: from n/a through 0.1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Simple Goods", + "product": { + "product_data": [ + { + "product_name": "Simple Goods", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/simple-goods/wordpress-simple-goods-plugin-0-1-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/simple-goods/wordpress-simple-goods-plugin-0-1-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51575.json b/2024/51xxx/CVE-2024-51575.json index 4296fa8b92f..6248eafdae1 100644 --- a/2024/51xxx/CVE-2024-51575.json +++ b/2024/51xxx/CVE-2024-51575.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Extender All In One For Elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through 1.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Abdullah", + "product": { + "product_data": [ + { + "product_name": "Extender All In One For Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/extender-all-in-one-for-elementor/wordpress-extender-all-in-one-for-elementor-plugin-1-0-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/extender-all-in-one-for-elementor/wordpress-extender-all-in-one-for-elementor-plugin-1-0-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gab (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51788.json b/2024/51xxx/CVE-2024-51788.json index f7399601067..0bef5ac8cf2 100644 --- a/2024/51xxx/CVE-2024-51788.json +++ b/2024/51xxx/CVE-2024-51788.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joshua Wolfe", + "product": { + "product_data": [ + { + "product_name": "The Novel Design Store Directory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51789.json b/2024/51xxx/CVE-2024-51789.json index 732e4dba48b..c813ffdf6fe 100644 --- a/2024/51xxx/CVE-2024-51789.json +++ b/2024/51xxx/CVE-2024-51789.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "UjW0L", + "product": { + "product_data": [ + { + "product_name": "Image Classify", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/image-classify/wordpress-image-classify-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/image-classify/wordpress-image-classify-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51790.json b/2024/51xxx/CVE-2024-51790.json index e54cc18a7e2..16182fe3354 100644 --- a/2024/51xxx/CVE-2024-51790.json +++ b/2024/51xxx/CVE-2024-51790.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51790", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Team HB WEBSOL", + "product": { + "product_data": [ + { + "product_name": "HB AUDIO GALLERY", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/hb-audio-gallery/wordpress-hb-audio-gallery-plugin-3-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/hb-audio-gallery/wordpress-hb-audio-gallery-plugin-3-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51791.json b/2024/51xxx/CVE-2024-51791.json index 2e30d4ff97f..75c1a905ea3 100644 --- a/2024/51xxx/CVE-2024-51791.json +++ b/2024/51xxx/CVE-2024-51791.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Made I.T.", + "product": { + "product_data": [ + { + "product_name": "Forms", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.8.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.8.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/forms-by-made-it/wordpress-forms-plugin-2-8-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/forms-by-made-it/wordpress-forms-plugin-2-8-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.8.1 or a higher version." + } + ], + "value": "Update to 2.8.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51792.json b/2024/51xxx/CVE-2024-51792.json index 71f25a581a9..ee31bc23382 100644 --- a/2024/51xxx/CVE-2024-51792.json +++ b/2024/51xxx/CVE-2024-51792.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dang Ngoc Binh", + "product": { + "product_data": [ + { + "product_name": "Audio Record", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/audio-record/wordpress-audio-record-plugin-1-0-arbitrary-file-upload-vulnerability-2?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/audio-record/wordpress-audio-record-plugin-1-0-arbitrary-file-upload-vulnerability-2?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51793.json b/2024/51xxx/CVE-2024-51793.json index 3aef9566ec5..c8e05eb0912 100644 --- a/2024/51xxx/CVE-2024-51793.json +++ b/2024/51xxx/CVE-2024-51793.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Webful Creations", + "product": { + "product_data": [ + { + "product_name": "Computer Repair Shop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.8115" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/computer-repair-shop/wordpress-repairbuddy-plugin-3-8115-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/computer-repair-shop/wordpress-repairbuddy-plugin-3-8115-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] }