diff --git a/2022/33xxx/CVE-2022-33324.json b/2022/33xxx/CVE-2022-33324.json index 36acc61aa35..6a83fc15091 100644 --- a/2022/33xxx/CVE-2022-33324.json +++ b/2022/33xxx/CVE-2022-33324.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery." + "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery." } ] }, @@ -69,7 +69,7 @@ } }, { - "product_name": "MELSEC iQ-R Series R04(EN)CPU", + "product_name": "MELSEC iQ-R Series R04CPU", "version": { "version_data": [ { @@ -80,7 +80,7 @@ } }, { - "product_name": "MELSEC iQ-R Series R08(EN)CPU", + "product_name": "MELSEC iQ-R Series R08CPU", "version": { "version_data": [ { @@ -91,7 +91,7 @@ } }, { - "product_name": "MELSEC iQ-R Series R16(EN)CPU", + "product_name": "MELSEC iQ-R Series R16CPU", "version": { "version_data": [ { @@ -102,7 +102,7 @@ } }, { - "product_name": "MELSEC iQ-R Series R32(EN)CPU", + "product_name": "MELSEC iQ-R Series R32CPU", "version": { "version_data": [ { @@ -113,7 +113,62 @@ } }, { - "product_name": "MELSEC iQ-R Series R120(EN)CPU", + "product_name": "MELSEC iQ-R Series R120CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Firmware versions \"65\" and prior" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R04ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Firmware versions \"65\" and prior" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R08ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Firmware versions \"65\" and prior" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R16ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Firmware versions \"65\" and prior" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R32ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Firmware versions \"65\" and prior" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R120ENCPU", "version": { "version_data": [ { @@ -228,7 +283,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "All versions" + "version_value": "Firmware versions \"07\" and prior" } ] } diff --git a/2024/1xxx/CVE-2024-1249.json b/2024/1xxx/CVE-2024-1249.json index 19aed553262..f553d79c588 100644 --- a/2024/1xxx/CVE-2024-1249.json +++ b/2024/1xxx/CVE-2024-1249.json @@ -425,7 +425,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] diff --git a/2024/36xxx/CVE-2024-36014.json b/2024/36xxx/CVE-2024-36014.json index c40e014e23b..57c69d553c6 100644 --- a/2024/36xxx/CVE-2024-36014.json +++ b/2024/36xxx/CVE-2024-36014.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "8cbc5caf36ef", - "version_value": "a1f95aede628" + "version_value": "b77620730f61" }, { "version_value": "not down converted", @@ -57,6 +57,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.8.12", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.3", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10-rc1", "lessThanOrEqual": "*", @@ -78,6 +90,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d" + }, + { + "url": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639" + }, { "url": "https://git.kernel.org/stable/c/a1f95aede6285dba6dd036d907196f35ae3a11ea", "refsource": "MISC", diff --git a/2024/36xxx/CVE-2024-36016.json b/2024/36xxx/CVE-2024-36016.json index 5aee0fdaa58..c20e8033cfc 100644 --- a/2024/36xxx/CVE-2024-36016.json +++ b/2024/36xxx/CVE-2024-36016.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "e1eaea46bb40", - "version_value": "47388e807f85" + "version_value": "f126ce7305fe" }, { "version_value": "not down converted", @@ -57,6 +57,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.8.12", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.3", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10-rc1", "lessThanOrEqual": "*", @@ -78,6 +90,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3" + }, + { + "url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d" + }, { "url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a", "refsource": "MISC", diff --git a/2024/4xxx/CVE-2024-4668.json b/2024/4xxx/CVE-2024-4668.json index fa32cdd85ed..49e0799783c 100644 --- a/2024/4xxx/CVE-2024-4668.json +++ b/2024/4xxx/CVE-2024-4668.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "celomitan", + "product": { + "product_data": [ + { + "product_name": "Gum Elementor Addon", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4effc8-7b24-4a6c-a161-176a22de6d6a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4effc8-7b24-4a6c-a161-176a22de6d6a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gum-elementor-addon/trunk/widgets/pricetable.php#L2013", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gum-elementor-addon/trunk/widgets/pricetable.php#L2013" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gum-elementor-addon/trunk/widgets/post_slider.php#L2353", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gum-elementor-addon/trunk/widgets/post_slider.php#L2353" + }, + { + "url": "https://wordpress.org/plugins/gum-elementor-addon/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/gum-elementor-addon/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3093511/#file48", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3093511/#file48" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Matthew Rollings" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/5xxx/CVE-2024-5526.json b/2024/5xxx/CVE-2024-5526.json new file mode 100644 index 00000000000..8b709b1a626 --- /dev/null +++ b/2024/5xxx/CVE-2024-5526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file