mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
5b1436418a
commit
a11c6f542e
@ -1,17 +1,85 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2090",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@wordfence.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
|
||||
"cweId": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "doublesharp",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Remote Content Shortcode",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_value": "1.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=cve"
|
||||
},
|
||||
{
|
||||
"url": "https://wordpress.org/plugins/remote-content-shortcode/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wordpress.org/plugins/remote-content-shortcode/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Francesco Carlucci"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,222 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-7339",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /queryDevInfo. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200 Information Disclosure",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "TVT",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "DVR TD-2104TS-CL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.3.20657B180918.D06.U2(4A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D00.U1(4A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D14.U1(8A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D44.U1(16A82T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24513B190218.D00.U1(8A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24879B190222.D00.U2(8A21S)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DVR TD-2108TS-HP",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.3.20657B180918.D06.U2(4A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D00.U1(4A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D14.U1(8A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D44.U1(16A82T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24513B190218.D00.U1(8A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24879B190222.D00.U2(8A21S)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Provision-ISR DVR SH-4050A5-5L(MM)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.3.20657B180918.D06.U2(4A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D00.U1(4A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D14.U1(8A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D44.U1(16A82T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24513B190218.D00.U1(8A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24879B190222.D00.U2(8A21S)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "AVISION DVR AV108T",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.3.20657B180918.D06.U2(4A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D00.U1(4A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D14.U1(8A41T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.22966B181219.D44.U1(16A82T)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24513B190218.D00.U1(8A21S)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.3.4.24879B190222.D00.U2(8A21S)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.273262",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.273262"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.273262",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.273262"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.379373",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?submit.379373"
|
||||
},
|
||||
{
|
||||
"url": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-TVT-DVR-fad1cce703d946969be5130bf3aaac0d?pvs=4"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "netsecfish (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 5.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 5.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,109 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-7342",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine Schwachstelle in Baidu UEditor 1.4.3.3 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /ueditor/php/controller.php?action=uploadfile&encode=utf-8. Dank der Manipulation des Arguments upfile mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-434 Unrestricted Upload",
|
||||
"cweId": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Baidu",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "UEditor",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.4.3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.273273",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.273273"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.273273",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.273273"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.380092",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?submit.380092"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/Hebing123/cve/issues/62",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/Hebing123/cve/issues/62"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "jiashenghe (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user