From ae90d24fe13d1463803447c0d3d8336ce7a2f0c6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 29 Jan 2025 08:01:01 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/13xxx/CVE-2024-13696.json | 86 ++++++++++++++++-
2024/57xxx/CVE-2024-57963.json | 18 ++++
2024/57xxx/CVE-2024-57964.json | 18 ++++
2024/7xxx/CVE-2024-7695.json | 165 ++++++++++++++++++++++++++++++++-
2025/0xxx/CVE-2025-0824.json | 18 ++++
2025/24xxx/CVE-2025-24936.json | 18 ++++
2025/24xxx/CVE-2025-24937.json | 18 ++++
2025/24xxx/CVE-2025-24938.json | 18 ++++
2025/24xxx/CVE-2025-24939.json | 18 ++++
2025/24xxx/CVE-2025-24940.json | 18 ++++
2025/24xxx/CVE-2025-24941.json | 18 ++++
2025/24xxx/CVE-2025-24942.json | 18 ++++
2025/24xxx/CVE-2025-24943.json | 18 ++++
2025/24xxx/CVE-2025-24944.json | 18 ++++
2025/24xxx/CVE-2025-24945.json | 18 ++++
2025/24xxx/CVE-2025-24946.json | 18 ++++
2025/24xxx/CVE-2025-24947.json | 18 ++++
17 files changed, 513 insertions(+), 8 deletions(-)
create mode 100644 2024/57xxx/CVE-2024-57963.json
create mode 100644 2024/57xxx/CVE-2024-57964.json
create mode 100644 2025/0xxx/CVE-2025-0824.json
create mode 100644 2025/24xxx/CVE-2025-24936.json
create mode 100644 2025/24xxx/CVE-2025-24937.json
create mode 100644 2025/24xxx/CVE-2025-24938.json
create mode 100644 2025/24xxx/CVE-2025-24939.json
create mode 100644 2025/24xxx/CVE-2025-24940.json
create mode 100644 2025/24xxx/CVE-2025-24941.json
create mode 100644 2025/24xxx/CVE-2025-24942.json
create mode 100644 2025/24xxx/CVE-2025-24943.json
create mode 100644 2025/24xxx/CVE-2025-24944.json
create mode 100644 2025/24xxx/CVE-2025-24945.json
create mode 100644 2025/24xxx/CVE-2025-24946.json
create mode 100644 2025/24xxx/CVE-2025-24947.json
diff --git a/2024/13xxx/CVE-2024-13696.json b/2024/13xxx/CVE-2024-13696.json
index ba2d1128dfb..ca14ac7ea4f 100644
--- a/2024/13xxx/CVE-2024-13696.json
+++ b/2024/13xxx/CVE-2024-13696.json
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wishlist_name\u2019 parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpdesk", + "product": { + "product_data": [ + { + "product_name": "Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.2.25" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112456a9-8bb6-4007-87da-6d0fba912498?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112456a9-8bb6-4007-87da-6d0fba912498?source=cve" + }, + { + "url": "https://wordpress.org/plugins/flexible-wishlist/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/flexible-wishlist/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/flexible-wishlist/trunk/assets/js/front.js", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/flexible-wishlist/trunk/assets/js/front.js" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3230370/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3230370/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tim Coen" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/57xxx/CVE-2024-57963.json b/2024/57xxx/CVE-2024-57963.json new file mode 100644 index 00000000000..39f06b34167 --- /dev/null +++ b/2024/57xxx/CVE-2024-57963.json 
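Review bot: The third entry in `reference_data` of the CVE-2024-13696 record links `https://plugins.trac.wordpress.org/browser/flexible-wishlist/trunk/assets/js/front.js`, and `trunk` moves with every release, so once the fix is merged that URL no longer shows the code the record describes. The changeset reference beside it (`/changeset/3230370/`) is stable; the file reference should be pinned the same way, for example to the tagged path of the last affected release (1.2.25 per the description) or to an explicit revision, whichever the CNA can confirm exists. Separately, `credits` tags its language as `"en"` while `description_data` uses `"eng"`; the same mix appears in the CVE-2024-7695 hunk (`work_around`, `solution`), so a consumer that filters on one tag will miss entries.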
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-57963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/57xxx/CVE-2024-57964.json b/2024/57xxx/CVE-2024-57964.json new file mode 100644 index 00000000000..8f99e2ed8b9 --- /dev/null +++ b/2024/57xxx/CVE-2024-57964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-57964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7695.json b/2024/7xxx/CVE-2024-7695.json index f485b02aae7..a27ed9bb203 100644 --- a/2024/7xxx/CVE-2024-7695.json +++ b/2024/7xxx/CVE-2024-7695.json 
@@ -1,17 +1,174 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@moxa.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \n\nThis vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moxa", + "product": { + "product_data": [ + { + "product_name": "PT-7728 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "3.9" + } + ] + } + }, + { + "product_name": "PT-7828 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "4.0" + } + ] + } + }, + { + "product_name": "PT-G503 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "5.3" + } + ] + } + }, + { + "product_name": "PT-G510 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "6.5" + } + ] + } + }, + { + "product_name": "PT-G7728 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "6.4" + } + ] + } + }, + { + "product_name": "PT-G7828 Series", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches", + "refsource": "MISC", + "name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + 
"value": "

To mitigate the risks associated with this vulnerability, we recommend the following actions:

" + } + ], + "value": "To mitigate the risks associated with this vulnerability, we recommend the following actions: \n\n\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Moxa has developed appropriate solutions to address this vulnerability. The solutions for affected products are listed in the following: 
" + } + ], + "value": "Moxa has developed appropriate solutions to address this vulnerability. The solutions for affected products are listed in the following:\u00a0\n * PT-7728 Series,\u00a0PT-7828 Series,\u00a0PT-G503 Series,\u00a0PT-G510 Series:\u00a0Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support for the security patch\u00a0\n\n * PT-G7728 Series: Upgrade to the firmware version 6.5 https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/rackmount-switches/pt-g7728-series#resources or later\u00a0\n\n * PT-G7828 Series:\u00a0Upgrade to the firmware version 6.5 https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/rackmount-switches/pt-g7828-series#resources or later" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0824.json b/2025/0xxx/CVE-2025-0824.json new file mode 100644 index 00000000000..ea75b6ff6ff --- /dev/null +++ b/2025/0xxx/CVE-2025-0824.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0824", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
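Review bot: The `supportingMedia` objects under `work_around` and `solution` in the CVE-2024-7695 record declare `"type": "text/html"` with `"base64": false`, i.e. CNA-supplied markup embedded in the record, and nothing in the record tells a consumer how to treat it. A tool that displays these fields should render the sibling plain-text `value`, or pass the HTML through an allow-list sanitizer, rather than inserting it into a page as-is. In this view the HTML `value` strings look empty or truncated (possibly an extraction artifact), which would make the plain-text `value` the only complete copy of the remediation steps here. The CVE-2025-0824 hunk that ends on the same line is a RESERVED stub and needs no comment.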
diff --git a/2025/24xxx/CVE-2025-24936.json b/2025/24xxx/CVE-2025-24936.json new file mode 100644 index 00000000000..6c1ef8504a7 --- /dev/null +++ b/2025/24xxx/CVE-2025-24936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24937.json b/2025/24xxx/CVE-2025-24937.json new file mode 100644 index 00000000000..bd826c82332 --- /dev/null +++ b/2025/24xxx/CVE-2025-24937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24938.json b/2025/24xxx/CVE-2025-24938.json new file mode 100644 index 00000000000..0e68a46d178 --- /dev/null +++ b/2025/24xxx/CVE-2025-24938.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24939.json b/2025/24xxx/CVE-2025-24939.json new file mode 100644 index 00000000000..1210bafe46f --- /dev/null +++ b/2025/24xxx/CVE-2025-24939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24940.json b/2025/24xxx/CVE-2025-24940.json new file mode 100644 index 00000000000..fed9cb1e570 --- /dev/null +++ b/2025/24xxx/CVE-2025-24940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/24xxx/CVE-2025-24941.json b/2025/24xxx/CVE-2025-24941.json new file mode 100644 index 00000000000..36ca691495b --- /dev/null +++ b/2025/24xxx/CVE-2025-24941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24942.json b/2025/24xxx/CVE-2025-24942.json new file mode 100644 index 00000000000..ac994e26a9f --- /dev/null +++ b/2025/24xxx/CVE-2025-24942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24943.json b/2025/24xxx/CVE-2025-24943.json new file mode 100644 index 00000000000..c7e9f1e09f3 --- /dev/null +++ b/2025/24xxx/CVE-2025-24943.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24944.json b/2025/24xxx/CVE-2025-24944.json new file mode 100644 index 00000000000..8f402779dc5 --- /dev/null +++ b/2025/24xxx/CVE-2025-24944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24945.json b/2025/24xxx/CVE-2025-24945.json new file mode 100644 index 00000000000..a2cb2041e9d --- /dev/null +++ b/2025/24xxx/CVE-2025-24945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/24xxx/CVE-2025-24946.json b/2025/24xxx/CVE-2025-24946.json new file mode 100644 index 00000000000..ee61efa2602 --- /dev/null +++ b/2025/24xxx/CVE-2025-24946.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24946", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/24xxx/CVE-2025-24947.json b/2025/24xxx/CVE-2025-24947.json new file mode 100644 index 00000000000..ba045ef3a44 --- /dev/null +++ b/2025/24xxx/CVE-2025-24947.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-24947", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file