admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-15 08:00:33 +00:00
parent 8fa0b1b1a6
commit 760111b261
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 300 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
2024/9xxx/CVE-2024-9137.json
View File

@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -52,8 +52,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -64,8 +64,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -76,8 +76,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -88,8 +88,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0.5"
}
]
@ -100,8 +100,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.9"
}
]
@ -112,8 +112,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.6"
}
]

32
2024/9xxx/CVE-2024-9139.json
View File

@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -52,8 +52,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -64,8 +64,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -76,8 +76,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.12.1"
}
]
@ -88,8 +88,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0.5"
}
]
@ -100,8 +100,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.9"
}
]
@ -112,8 +112,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.6"
}
]
@ -147,10 +147,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li><li>Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.</li></li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>"
"value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"solution": [

86
2024/9xxx/CVE-2024-9837.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The The AADMY \u2013 Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "numanrki",
"product": {
"product_data": [
{
"product_name": "AADMY \u2013 Add Auto Date Month Year Into Posts",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb165cba-34a9-42d9-bfd5-31a290d02311?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb165cba-34a9-42d9-bfd5-31a290d02311?source=cve"
},
{
"url": "https://wordpress.org/plugins/auto-date-year-month/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/auto-date-year-month/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/auto-date-year-month/trunk/auto-date-year-month.php#L218",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/auto-date-year-month/trunk/auto-date-year-month.php#L218"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3167908/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3167908/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}

98
2024/9xxx/CVE-2024-9980.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FormosaSoft",
"product": {
"product_data": [
{
"product_name": "ee-class",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "20240326.13r14494"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8142-cf0d3-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8142-cf0d3-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8143-53d30-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8143-53d30-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202410010",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 20240326.13r14494 or later."
}
],
"value": "Update to version 20240326.13r14494 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

98
2024/9xxx/CVE-2024-9981.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
"cweId": "CWE-98"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FormosaSoft",
"product": {
"product_data": [
{
"product_name": "ee-class",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "20240326.13r14494"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8144-2885b-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8144-2885b-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8145-15bea-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8145-15bea-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202410011",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to version 20240326.13r14494 or later.</span>\n\n<br>"
}
],
"value": "Update to version 20240326.13r14494 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}