From a3a0fc4ca61e30f8d710cdd076c6b1e511555de5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 19 Apr 2024 03:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/31xxx/CVE-2022-31629.json | 5 +++ 2023/50xxx/CVE-2023-50967.json | 5 +++ 2024/24xxx/CVE-2024-24852.json | 18 ++++++++ 2024/27xxx/CVE-2024-27200.json | 18 ++++++++ 2024/28xxx/CVE-2024-28036.json | 18 ++++++++ 2024/28xxx/CVE-2024-28227.json | 18 ++++++++ 2024/28xxx/CVE-2024-28952.json | 18 ++++++++ 2024/28xxx/CVE-2024-28954.json | 18 ++++++++ 2024/29xxx/CVE-2024-29016.json | 18 ++++++++ 2024/29xxx/CVE-2024-29081.json | 18 ++++++++ 2024/29xxx/CVE-2024-29085.json | 18 ++++++++ 2024/29xxx/CVE-2024-29147.json | 18 ++++++++ 2024/3xxx/CVE-2024-3600.json | 75 ++++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3615.json | 75 ++++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3731.json | 75 ++++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3818.json | 75 ++++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3975.json | 18 ++++++++ 17 files changed, 492 insertions(+), 16 deletions(-) create mode 100644 2024/24xxx/CVE-2024-24852.json create mode 100644 2024/27xxx/CVE-2024-27200.json create mode 100644 2024/28xxx/CVE-2024-28036.json create mode 100644 2024/28xxx/CVE-2024-28227.json create mode 100644 2024/28xxx/CVE-2024-28952.json create mode 100644 2024/28xxx/CVE-2024-28954.json create mode 100644 2024/29xxx/CVE-2024-29016.json create mode 100644 2024/29xxx/CVE-2024-29081.json create mode 100644 2024/29xxx/CVE-2024-29085.json create mode 100644 2024/29xxx/CVE-2024-29147.json create mode 100644 2024/3xxx/CVE-2024-3975.json diff --git a/2022/31xxx/CVE-2022-31629.json b/2022/31xxx/CVE-2022-31629.json index f32f2a8cc95..e7f55615486 100644 --- a/2022/31xxx/CVE-2022-31629.json +++ b/2022/31xxx/CVE-2022-31629.json 
@@ -114,6 +114,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-b46619f761", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/" } ] }, diff --git a/2023/50xxx/CVE-2023-50967.json b/2023/50xxx/CVE-2023-50967.json index 372d3c54b72..65c98f46236 100644 --- a/2023/50xxx/CVE-2023-50967.json +++ b/2023/50xxx/CVE-2023-50967.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md", "url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-a94b67a7b2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/" } ] } diff --git a/2024/24xxx/CVE-2024-24852.json b/2024/24xxx/CVE-2024-24852.json new file mode 100644 index 00000000000..8efe225d682 --- /dev/null +++ b/2024/24xxx/CVE-2024-24852.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24852", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27200.json b/2024/27xxx/CVE-2024-27200.json new file mode 100644 index 00000000000..9fd84c939ac --- /dev/null +++ b/2024/27xxx/CVE-2024-27200.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-27200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28036.json b/2024/28xxx/CVE-2024-28036.json new file mode 100644 index 00000000000..4b6230c3be4 --- /dev/null +++ b/2024/28xxx/CVE-2024-28036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28227.json b/2024/28xxx/CVE-2024-28227.json new file mode 100644 index 00000000000..4e390f98a0d --- /dev/null +++ b/2024/28xxx/CVE-2024-28227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/28xxx/CVE-2024-28952.json b/2024/28xxx/CVE-2024-28952.json new file mode 100644 index 00000000000..1f9040e89f5 --- /dev/null +++ b/2024/28xxx/CVE-2024-28952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28954.json b/2024/28xxx/CVE-2024-28954.json new file mode 100644 index 00000000000..56496aa6120 --- /dev/null +++ b/2024/28xxx/CVE-2024-28954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29016.json b/2024/29xxx/CVE-2024-29016.json new file mode 100644 index 00000000000..5a89522dd07 --- /dev/null +++ b/2024/29xxx/CVE-2024-29016.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29081.json b/2024/29xxx/CVE-2024-29081.json new file mode 100644 index 00000000000..a1f67f65d16 --- /dev/null +++ b/2024/29xxx/CVE-2024-29081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29085.json b/2024/29xxx/CVE-2024-29085.json new file mode 100644 index 00000000000..51698a6dfe1 --- /dev/null +++ b/2024/29xxx/CVE-2024-29085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/29xxx/CVE-2024-29147.json b/2024/29xxx/CVE-2024-29147.json new file mode 100644 index 00000000000..9335eaf7301 --- /dev/null +++ b/2024/29xxx/CVE-2024-29147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3600.json b/2024/3xxx/CVE-2024-3600.json index 66bce72f080..78475c0b8d6 100644 --- a/2024/3xxx/CVE-2024-3600.json +++ b/2024/3xxx/CVE-2024-3600.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Poll Maker \u2013 Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ays-pro", + "product": { + "product_data": [ + { + "product_name": "Poll Maker \u2013 Best WordPress Poll Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.1.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fec015e1-7f64-4917-a242-90bd1135f680?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fec015e1-7f64-4917-a242-90bd1135f680?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071296%40poll-maker&new=3071296%40poll-maker&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071296%40poll-maker&new=3071296%40poll-maker&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/3xxx/CVE-2024-3615.json b/2024/3xxx/CVE-2024-3615.json index 268afff6db4..c99f211aef2 100644 --- a/2024/3xxx/CVE-2024-3615.json +++ b/2024/3xxx/CVE-2024-3615.json 
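Review bot: The `problemtype` block in the CVE-2024-3600 record lists only `CWE-862 Missing Authorization`, although the description attributes the stored cross-site scripting to insufficient escaping and sanitization as well as to the missing capability check. Triage or alerting that keys on the CWE would not surface this entry as XSS. A second `description` entry with `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`, the string the other Wordfence records in this patch use, would cover both causes. The description also says attackers can "create quizzes" in a poll plugin, which reads like wording carried over from another advisory and is worth confirming with the assigner.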
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "maxfoundry", + "product": { + "product_data": [ + { + "product_name": "Media Library Folders", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "8.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f550bac-b047-4276-bde5-c15bfd4ceb49?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f550bac-b047-4276-bde5-c15bfd4ceb49?source=cve" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3072498%40media-library-plus&new=3072498%40media-library-plus&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3072498%40media-library-plus&new=3072498%40media-library-plus&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/3xxx/CVE-2024-3731.json b/2024/3xxx/CVE-2024-3731.json index 992008e383d..b0e5d9ac382 100644 --- a/2024/3xxx/CVE-2024-3731.json +++ b/2024/3xxx/CVE-2024-3731.json 
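Review bot: The `credits` entry in the CVE-2024-3615 record uses `"lang": "en"`, while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`. The same split appears in the CVE-2024-3600, CVE-2024-3731 and CVE-2024-3818 records in this patch. A consumer that selects text by language code has to accept both spellings, or it will silently drop the credit. Using `"lang": "eng"` in `credits` would keep each record on a single code.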
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ivole", + "product": { + "product_data": [ + { + "product_name": "Customer Reviews for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.47.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/3xxx/CVE-2024-3818.json b/2024/3xxx/CVE-2024-3818.json index e9f708f02cd..f6d1cbe14ac 100644 --- a/2024/3xxx/CVE-2024-3818.json +++ b/2024/3xxx/CVE-2024-3818.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's \"Social Icons\" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpdevteam", + "product": { + "product_data": [ + { + "product_name": "Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b226067-0287-4f7e-9415-dc3c83f2fd27?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b226067-0287-4f7e-9415-dc3c83f2fd27?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3072932/essential-blocks/tags/4.5.10/blocks/social/src/components/depricated-social-links-1.js", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3072932/essential-blocks/tags/4.5.10/blocks/social/src/components/depricated-social-links-1.js" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/3xxx/CVE-2024-3975.json b/2024/3xxx/CVE-2024-3975.json new file mode 100644 index 00000000000..20303c0a9ff --- /dev/null +++ b/2024/3xxx/CVE-2024-3975.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file