mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
9128565fe1
commit
77e2663e96
97
2024/39xxx/CVE-2024-39920.json
Normal file
97
2024/39xxx/CVE-2024-39920.json
Normal file
@ -0,0 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2024-39920",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.snailload.com",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.snailload.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.snailload.com/snailload.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.snailload.com/snailload.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/IAIK/SnailLoad",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/IAIK/SnailLoad"
|
||||
},
|
||||
{
|
||||
"url": "https://www.rfc-editor.org/rfc/rfc9293.txt",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.rfc-editor.org/rfc/rfc9293.txt"
|
||||
},
|
||||
{
|
||||
"url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos"
|
||||
},
|
||||
{
|
||||
"url": "https://twitter.com/tugraz/status/1805272833322299412",
|
||||
"refsource": "MISC",
|
||||
"name": "https://twitter.com/tugraz/status/1805272833322299412"
|
||||
},
|
||||
{
|
||||
"url": "https://news.ycombinator.com/item?id=40809629",
|
||||
"refsource": "MISC",
|
||||
"name": "https://news.ycombinator.com/item?id=40809629"
|
||||
},
|
||||
{
|
||||
"url": "https://www.instagram.com/p/C8wpO1UtExw/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.instagram.com/p/C8wpO1UtExw/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,84 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-4543",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@wordfence.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "aliakro",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Snippet Shortcodes",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_value": "4.1.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/127b20c4-cd7c-4d04-b32f-bcc26beb2c35?source=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/127b20c4-cd7c-4d04-b32f-bcc26beb2c35?source=cve"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3110951?contextall=1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://plugins.trac.wordpress.org/changeset/3110951?contextall=1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Benedictus Jovan"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user