admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-25 07:00:37 +00:00
parent ed411c9233
commit 6cb242c9f6
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 1422 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
2024/10xxx/CVE-2024-10011.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "buddypress",
"product": {
"product_data": [
{
"product_name": "BuddyPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "14.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve"
},
{
"url": "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1370",
"refsource": "MISC",
"name": "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1370"
},
{
"url": "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1270",
"refsource": "MISC",
"name": "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1270"
},
{
"url": "https://codex.buddypress.org/releases/version-14-2-1/",
"refsource": "MISC",
"name": "https://codex.buddypress.org/releases/version-14-2-1/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173924/buddypress/trunk/bp-core/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3173924/buddypress/trunk/bp-core/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Domons"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}

76
2024/10xxx/CVE-2024-10148.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10148",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sohelwpexpert",
"product": {
"product_data": [
{
"product_name": "Awesome buttons",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-awesome-buttons/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-awesome-buttons/#developers"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/10xxx/CVE-2024-10380.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

114
2024/42xxx/CVE-2024-42420.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42420",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages.\r\nCrafted HTTP requests may cause affected products crashed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation."
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
]
}

114
2024/43xxx/CVE-2024-43424.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43424",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability.\r\nCrafted HTTP requests may cause affected products crashed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
]
}

114
2024/45xxx/CVE-2024-45829.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45829",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability.\r\nCrafted HTTP requests may cause affected products crashed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
}
]
}

114
2024/45xxx/CVE-2024-45842.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45842",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.\r\nUnintended internal files may be retrieved when processing crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
]
}

114
2024/47xxx/CVE-2024-47005.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted.\r\nA non-administrative user may execute some configuration APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed dangerous method or function",
"cweId": "CWE-749"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
]
}

114
2024/47xxx/CVE-2024-47406.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
]
}

114
2024/47xxx/CVE-2024-47549.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers.\r\nAccessing a crafted URL which points to an affected product may cause malicious script executed on the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"cweId": "CWE-644"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
}
]
}

114
2024/47xxx/CVE-2024-47801.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.\r\nAccessing a crafted URL which points to an affected product may cause malicious script executed on the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
}
]
}

114
2024/48xxx/CVE-2024-48870.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48870",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.\r\nIf crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "e-STUDIO 908",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T2.12.h3.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1058",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
},
{
"product_name": "e-STUDIO 1208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "T1.01.h4.00 and earlier versions"
}
]
}
}
]
}
},
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by Sharp Corporation"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10-25.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-10-25.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20241025_01.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"
}
]
}

16
2024/9xxx/CVE-2024-9139.json
View File

@ -118,6 +118,18 @@
}
]
}
},
{
"product_name": "EDR-810 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "5.12.33"
}
]
}
}
]
}
@ -160,10 +172,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li><span style=\"background-color: var(--wht);\">EDR-8010 Series: Upgrade to the firmware version 3.13.</span></li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13.</li><li>EDF-G1002-BP Series: Upgrade to the firmware version 3.13.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13.</li></ol><br>"
"value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li><span style=\"background-color: var(--wht);\">EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.</span></li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version.</li></ol><br>"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\n * TN-4900 Series: Upgrade to the firmware version 3.13."
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\n * TN-4900 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version."
}
],
"credits": [

91
2024/9xxx/CVE-2024-9235.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mapster",
"product": {
"product_data": [
{
"product_name": "Mapster WP Maps",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b81c2990-68d1-4d45-9724-262ec017caf1?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b81c2990-68d1-4d45-9724-262ec017caf1?source=cve"
},
{
"url": "https://github.com/WordPressBugBounty/plugins-mapster-wp-maps/blob/009ff350f7fee0788c6d8a735af03e21b132c983/mapster-wp-maps/admin/api/class-mapster-wordpress-maps-api.php#L12",
"refsource": "MISC",
"name": "https://github.com/WordPressBugBounty/plugins-mapster-wp-maps/blob/009ff350f7fee0788c6d8a735af03e21b132c983/mapster-wp-maps/admin/api/class-mapster-wordpress-maps-api.php#L12"
},
{
"url": "https://wordpress.org/plugins/mapster-wp-maps/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/mapster-wp-maps/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161051/mapster-wp-maps/tags/1.5.0/admin/api/class-mapster-wordpress-maps-api.php?old=3154048&old_path=mapster-wp-maps%2Ftags%2F1.4.1%2Fadmin%2Fapi%2Fclass-mapster-wordpress-maps-api.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3161051/mapster-wp-maps/tags/1.5.0/admin/api/class-mapster-wordpress-maps-api.php?old=3154048&old_path=mapster-wp-maps%2Ftags%2F1.4.1%2Fadmin%2Fapi%2Fclass-mapster-wordpress-maps-api.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173973",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3173973"
}
]
},
"credits": [
{
"lang": "en",
"value": "Sean Murphy"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

86
2024/9xxx/CVE-2024-9302.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The App Builder \u2013 Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"cweId": "CWE-640"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "appcheap",
"product": {
"product_data": [
{
"product_name": "App Builder \u2013 Create Native Android & iOS Apps On The Flight",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.3.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L247",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L247"
},
{
"url": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L196",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L196"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161215/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3161215/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}

76
2024/9xxx/CVE-2024-9607.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the leave a review notice is present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "10web",
"product": {
"product_data": [
{
"product_name": "10Web Social Post Feed",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be151552-827c-43a6-a0e0-da19884448fd?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be151552-827c-43a6-a0e0-da19884448fd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wd-facebook-feed/trunk/wd/includes/notices.php#L204",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wd-facebook-feed/trunk/wd/includes/notices.php#L204"
}
]
},
"credits": [
{
"lang": "en",
"value": "Dale Mavers"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}