admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-26 19:00:53 +00:00
parent 4b07879678
commit acdd17d053
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 278 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
2024/4xxx/CVE-2024-4278.json
View File

@ -40,19 +40,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.5",
"version_value": "17.2.8"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4.1"
"version_affected": "=",
"version_value": "16.5"
}
]
}
@ -92,18 +81,18 @@
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}

81
2024/9xxx/CVE-2024-9177.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mahodder",
"product": {
"product_data": [
{
"product_name": "Themedy Toolbox",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/755e0998-0f0d-4259-881d-ed07aecb0b10?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/755e0998-0f0d-4259-881d-ed07aecb0b10?source=cve"
},
{
"url": "https://wordpress.org/plugins/themedy-toolbox/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/themedy-toolbox/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3157836/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3157836/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

97
2024/9xxx/CVE-2024-9198.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Clibo Manager",
"product": {
"product_data": [
{
"product_name": "Clibo Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-clibo-manager",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-clibo-manager"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the Clibo Manager team in version 1.1.9.12."
}
],
"value": "The vulnerability has been fixed by the Clibo Manager team in version 1.1.9.12."
}
],
"credits": [
{
"lang": "en",
"value": "David Padilla Alvarado"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
]
}

97
2024/9xxx/CVE-2024-9199.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Clibo Manager",
"product": {
"product_data": [
{
"product_name": "Clibo Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-clibo-manager",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-clibo-manager"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the Clibo Manager team in version 1.1.9.12."
}
],
"value": "The vulnerability has been fixed by the Clibo Manager team in version 1.1.9.12."
}
],
"credits": [
{
"lang": "en",
"value": "David Padilla Alvarado"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
}

120
2024/9xxx/CVE-2024-9203.json
View File

@ -1,129 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9203",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Enpass Password Manager bis 6.9.5 f\u00fcr Windows entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Durch Manipulieren mit unbekannten Daten kann eine cleartext storage of sensitive information in memory-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 6.10.1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory",
"cweId": "CWE-316"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Enpass",
"product": {
"product_data": [
{
"product_name": "Password Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.9.0"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "6.9.3"
},
{
"version_affected": "=",
"version_value": "6.9.4"
},
{
"version_affected": "=",
"version_value": "6.9.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.278561",
"refsource": "MISC",
"name": "https://vuldb.com/?id.278561"
},
{
"url": "https://vuldb.com/?ctiid.278561",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.278561"
},
{
"url": "https://vuldb.com/?submit.411207",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.411207"
},
{
"url": "https://www.enpass.io/release-notes/windows-10-desktop/",
"refsource": "MISC",
"name": "https://www.enpass.io/release-notes/windows-10-desktop/"
}
]
},
"credits": [
{
"lang": "en",
"value": "efchatz (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.5,
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}