From 87b060bd85f985f30332dfb46ec60a731b8b9659 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 5 Nov 2024 13:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/10xxx/CVE-2024-10263.json | 76 +++++++++++++++++++++--
 2024/10xxx/CVE-2024-10840.json | 107 +++++++++++++++++++++++++++++++--
 2024/10xxx/CVE-2024-10850.json | 18 ++++++
 2024/10xxx/CVE-2024-10851.json | 18 ++++++
 2024/10xxx/CVE-2024-10852.json | 18 ++++++
 2024/10xxx/CVE-2024-10853.json | 18 ++++++
 2024/10xxx/CVE-2024-10854.json | 18 ++++++
 2024/10xxx/CVE-2024-10855.json | 18 ++++++
 2024/10xxx/CVE-2024-10856.json | 18 ++++++
 2024/47xxx/CVE-2024-47253.json | 2 +-
 10 files changed, 302 insertions(+), 9 deletions(-)
 create mode 100644 2024/10xxx/CVE-2024-10850.json
 create mode 100644 2024/10xxx/CVE-2024-10851.json
 create mode 100644 2024/10xxx/CVE-2024-10852.json
 create mode 100644 2024/10xxx/CVE-2024-10853.json
 create mode 100644 2024/10xxx/CVE-2024-10854.json
 create mode 100644 2024/10xxx/CVE-2024-10855.json
 create mode 100644 2024/10xxx/CVE-2024-10856.json
diff --git a/2024/10xxx/CVE-2024-10263.json b/2024/10xxx/CVE-2024-10263.json
index 4ba9413f569..70faabbde3a 100644
--- a/2024/10xxx/CVE-2024-10263.json
+++ b/2024/10xxx/CVE-2024-10263.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10263",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "tickera",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tickera \u2013 WordPress Event Ticketing",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.5.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Arkadiusz Hydzik"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/10xxx/CVE-2024-10840.json b/2024/10xxx/CVE-2024-10840.json
index 34a6e2c33b9..791fca1cc7c 100644
--- a/2024/10xxx/CVE-2024-10840.json
+++ b/2024/10xxx/CVE-2024-10840.json
@@ -1,17 +1,116 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10840",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akun_edit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in romadebrian WEB-Sekolah 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /Admin/akun_edit.php der Komponente Backend. Dank Manipulation des Arguments kode mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization",
+ "cweId": "CWE-707"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "romadebrian",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WEB-Sekolah",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.283086",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.283086"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.283086",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.283086"
+ },
+ {
+ "url": "https://github.com/2537463005/a/blob/main/WEB-Sekolah%E5%90%8E%E5%8F%B0%E5%AD%98%E5%82%A8%E5%9E%8Bxss.md",
+ "refsource": "MISC",
+ "name": "https://github.com/2537463005/a/blob/main/WEB-Sekolah%E5%90%8E%E5%8F%B0%E5%AD%98%E5%82%A8%E5%9E%8Bxss.md"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2024/10xxx/CVE-2024-10850.json b/2024/10xxx/CVE-2024-10850.json
new file mode 100644
index 00000000000..414df9aa94c
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10850.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10850",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10851.json b/2024/10xxx/CVE-2024-10851.json
new file mode 100644
index 00000000000..75ae4215af8
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10851.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10851",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10852.json b/2024/10xxx/CVE-2024-10852.json
new file mode 100644
index 00000000000..dd58e2db735
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10852.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10852",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10853.json b/2024/10xxx/CVE-2024-10853.json
new file mode 100644
index 00000000000..b3b26118242
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10853.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10853",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10854.json b/2024/10xxx/CVE-2024-10854.json
new file mode 100644
index 00000000000..b4ca10ef8b9
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10854.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10854",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10855.json b/2024/10xxx/CVE-2024-10855.json
new file mode 100644
index 00000000000..df57f809777
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10855.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10855",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10856.json b/2024/10xxx/CVE-2024-10856.json
new file mode 100644
index 00000000000..783eb71dd8f
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10856.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10856",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47253.json b/2024/47xxx/CVE-2024-47253.json
index 6a40a1907aa..ce90a1a4073 100644
--- a/2024/47xxx/CVE-2024-47253.json
+++ b/2024/47xxx/CVE-2024-47253.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal \nvulnerability could allow an attacker to write files on the filesystem \nto achieve arbitrary remote code execution."
+ "value": "In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles."
 }
 ]
 },