mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
3f1fc6aab8
commit
9dd66998ae
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the\n\"send\" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly\nuse this issue to execute arbitrary code with the privileges of the webserver.\n\nVersion 2.1.1 fixes the vulnerability."
|
||||
"value": "IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the \"send\" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -86,7 +86,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user.\n\nThis has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
"value": "In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -86,7 +86,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files.\n\nThis has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
"value": "In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -120,15 +120,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
|
||||
},
|
||||
{
|
||||
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
|
||||
"refsource": "MISC",
|
||||
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -86,7 +86,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution.\n\nThis has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
"value": "In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -120,15 +120,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw"
|
||||
},
|
||||
{
|
||||
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
|
||||
"refsource": "MISC",
|
||||
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -86,7 +86,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions.\n\nThis has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
"value": "In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -120,15 +120,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"
|
||||
},
|
||||
{
|
||||
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
|
||||
"refsource": "MISC",
|
||||
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -86,7 +86,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks.\n\nThis has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
"value": "In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -120,15 +120,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c"
|
||||
},
|
||||
{
|
||||
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
|
||||
"refsource": "MISC",
|
||||
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -86,7 +86,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content.\n\nThis has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
"value": "In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -120,15 +120,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh"
|
||||
},
|
||||
{
|
||||
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
|
||||
"refsource": "MISC",
|
||||
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -38,7 +38,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's \"Privacy\" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet.\n\nPrivacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability.\n\nThis has been patched in 2.7.3, 2.8.2, 2.9."
|
||||
"value": "In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's \"Privacy\" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user