admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-28 12:00:35 +00:00
parent 401f7c3f0f
commit 6dddbe3861
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 219 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/26xxx/CVE-2023-26322.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "A code execution vulnerability exists"
"value": "n/a"
}
]
}

4
2024/45xxx/CVE-2024-45346.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
"value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "A code execution vulnerability exists"
"value": "n/a"
}
]
}

74
2024/6xxx/CVE-2024-6449.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HyperView\u00a0Geoportal Toolkit in versions though\u00a08.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.\nAn unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space.\nBy manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"cweId": "CWE-942"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HyperView",
"product": {
"product_data": [
{
"product_name": "Geoportal Toolkit",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2024-6449",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/08/CVE-2024-6449"
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2024-6449",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/08/CVE-2024-6449"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Dariusz Go\u0144da"
}
]
}

74
2024/6xxx/CVE-2024-6450.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HyperView\u00a0Geoportal Toolkit in versions though\u00a08.2.4 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HyperView",
"product": {
"product_data": [
{
"product_name": "Geoportal Toolkit",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2024-6449",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/08/CVE-2024-6449"
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2024-6449",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/08/CVE-2024-6449"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Dariusz Go\u0144da"
}
]
}

81
2024/7xxx/CVE-2024-7447.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to upload arbitrary media to the site, even if no forms exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "funnelforms",
"product": {
"product_data": [
{
"product_name": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.7.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9871f683-136e-45b5-90fb-a373a771014b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9871f683-136e-45b5-90fb-a373a771014b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/funnelforms-free/trunk/frontend/frontend.php#L2577",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/funnelforms-free/trunk/frontend/frontend.php#L2577"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3141470/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3141470/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

2
2024/7xxx/CVE-2024-7608.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user can download sensitive files from NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact."
"value": "An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal."
}
]
},