admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-06 11:00:35 +00:00
parent 09cae074a7
commit ad2a898dc8
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 605 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
2024/33xxx/CVE-2024-33975.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via\u00a0'view' parameter in '/admin/products/index.php'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Janobe",
"product": {
"product_data": [
{
"product_name": "E-Negosyo System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"credits": [
{
"lang": "en",
"value": "Rafael Pedrero"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

97
2024/33xxx/CVE-2024-33976.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via\u00a0'id' parameter in '/admin/user/index.php'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Janobe",
"product": {
"product_data": [
{
"product_name": "E-Negosyo System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"credits": [
{
"lang": "en",
"value": "Rafael Pedrero"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

97
2024/33xxx/CVE-2024-33977.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Janobe",
"product": {
"product_data": [
{
"product_name": "E-Negosyo System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"credits": [
{
"lang": "en",
"value": "Rafael Pedrero"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

2
2024/6xxx/CVE-2024-6505.json
View File

@ -129,7 +129,7 @@
"work_around": [
{
"lang": "en",
"value": "A viable mitigation for this vulnerability is to disable RSS on the nic/virtio driver."
"value": "A viable mitigation for this vulnerability is to disable RSS on the nic/virtio driver. \nThis can be performed either with the following qemu-kvm command \"-device virtio-net-pci,rss=off\", or, alternatively, by directly modifying the KVM XML file to disable RSS using a standard configuration tool (ex. libvirt)."
}
],
"impact": {

224
2024/7xxx/CVE-2024-7246.json
View File

@ -1,18 +1,234 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.\n\nThis occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.\n\nPlease update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440: Expected Behavior Violation",
"cweId": "CWE-440"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "gRPC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.53.0"
},
{
"version_affected": "=",
"version_value": "1.53.1"
},
{
"version_affected": "=",
"version_value": "1.53.2"
},
{
"version_affected": "=",
"version_value": "1.54.0"
},
{
"version_affected": "=",
"version_value": "1.54.1"
},
{
"version_affected": "=",
"version_value": "1.54.3"
},
{
"version_affected": "=",
"version_value": "1.55.0"
},
{
"version_affected": "=",
"version_value": "1.55.1"
},
{
"version_affected": "=",
"version_value": "1.55.3"
},
{
"version_affected": "=",
"version_value": "1.55.4"
},
{
"version_affected": "=",
"version_value": "1.56.0"
},
{
"version_affected": "=",
"version_value": "1.56.1"
},
{
"version_affected": "=",
"version_value": "1.56.2"
},
{
"version_affected": "=",
"version_value": "1.56.3"
},
{
"version_affected": "=",
"version_value": "1.56.4"
},
{
"version_affected": "=",
"version_value": "1.57.0"
},
{
"version_affected": "=",
"version_value": "1.57.1"
},
{
"version_affected": "=",
"version_value": "1.58.0"
},
{
"version_affected": "=",
"version_value": "1.58.1"
},
{
"version_affected": "=",
"version_value": "1.58.2"
},
{
"version_affected": "=",
"version_value": "1.59.0"
},
{
"version_affected": "=",
"version_value": "1.59.1"
},
{
"version_affected": "=",
"version_value": "1.59.2"
},
{
"version_affected": "=",
"version_value": "1.59.3"
},
{
"version_affected": "=",
"version_value": "1.59.4"
},
{
"version_affected": "=",
"version_value": "1.60.0"
},
{
"version_affected": "=",
"version_value": "1.60.1"
},
{
"version_affected": "=",
"version_value": "1.61.0"
},
{
"version_affected": "=",
"version_value": "1.61.1"
},
{
"version_affected": "=",
"version_value": "1.62.0"
},
{
"version_affected": "=",
"version_value": "1.61.2"
},
{
"version_affected": "=",
"version_value": "1.62.1"
},
{
"version_affected": "=",
"version_value": "1.62.2"
},
{
"version_affected": "=",
"version_value": "1.63.0"
},
{
"version_affected": "=",
"version_value": "1.63.1"
},
{
"version_affected": "=",
"version_value": "1.64.0"
},
{
"version_affected": "=",
"version_value": "1.64.1"
},
{
"version_affected": "=",
"version_value": "1.64.2"
},
{
"version_affected": "=",
"version_value": "1.65.0"
},
{
"version_affected": "=",
"version_value": "1.65.1"
},
{
"version_affected": "=",
"version_value": "1.65.2"
},
{
"version_affected": "=",
"version_value": "1.65.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/grpc/grpc/issues/36245",
"refsource": "MISC",
"name": "https://github.com/grpc/grpc/issues/36245"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

91
2024/7xxx/CVE-2024-7317.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "galdub",
"product": {
"product_data": [
{
"product_name": "Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a2c069-5dc6-45e2-8ca1-842759d541c4?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a2c069-5dc6-45e2-8ca1-842759d541c4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/folders/tags/3.0.3/includes/media.replace.php#L1296",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/folders/tags/3.0.3/includes/media.replace.php#L1296"
},
{
"url": "https://wordpress.org/plugins/folders/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/folders/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3130880/#file25",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3130880/#file25"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3130880/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3130880/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/7xxx/CVE-2024-7556.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}