admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-18 17:00:33 +00:00
parent 89ac082c5a
commit b19f3f6c0f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
32 changed files with 2719 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
2020/26xxx/CVE-2020-26062.json
View File

@ -1,17 +1,278 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System (Managed)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0(1a)"
},
{
"version_affected": "=",
"version_value": "3.2(3n)"
},
{
"version_affected": "=",
"version_value": "4.1(1a)"
},
{
"version_affected": "=",
"version_value": "4.1(1b)"
},
{
"version_affected": "=",
"version_value": "4.0(4h)"
},
{
"version_affected": "=",
"version_value": "4.1(1c)"
},
{
"version_affected": "=",
"version_value": "3.2(3k)"
},
{
"version_affected": "=",
"version_value": "3.2(2c)"
},
{
"version_affected": "=",
"version_value": "4.0(4e)"
},
{
"version_affected": "=",
"version_value": "4.0(4g)"
},
{
"version_affected": "=",
"version_value": "3.2(3i)"
},
{
"version_affected": "=",
"version_value": "4.0(2e)"
},
{
"version_affected": "=",
"version_value": "3.2(3g)"
},
{
"version_affected": "=",
"version_value": "4.0(4a)"
},
{
"version_affected": "=",
"version_value": "4.0(2d)"
},
{
"version_affected": "=",
"version_value": "3.2(2d)"
},
{
"version_affected": "=",
"version_value": "4.0(1b)"
},
{
"version_affected": "=",
"version_value": "4.0(4f)"
},
{
"version_affected": "=",
"version_value": "3.2(3h)"
},
{
"version_affected": "=",
"version_value": "3.2(2f)"
},
{
"version_affected": "=",
"version_value": "4.0(4c)"
},
{
"version_affected": "=",
"version_value": "3.2(3a)"
},
{
"version_affected": "=",
"version_value": "4.0(1c)"
},
{
"version_affected": "=",
"version_value": "3.2(3d)"
},
{
"version_affected": "=",
"version_value": "3.2(2b)"
},
{
"version_affected": "=",
"version_value": "4.0(4b)"
},
{
"version_affected": "=",
"version_value": "3.2(2e)"
},
{
"version_affected": "=",
"version_value": "4.0(2b)"
},
{
"version_affected": "=",
"version_value": "4.0(4d)"
},
{
"version_affected": "=",
"version_value": "3.2(1d)"
},
{
"version_affected": "=",
"version_value": "3.2(3e)"
},
{
"version_affected": "=",
"version_value": "3.2(3l)"
},
{
"version_affected": "=",
"version_value": "3.2(3b)"
},
{
"version_affected": "=",
"version_value": "4.0(2a)"
},
{
"version_affected": "=",
"version_value": "3.2(3j)"
},
{
"version_affected": "=",
"version_value": "4.0(1d)"
},
{
"version_affected": "=",
"version_value": "3.2(3o)"
},
{
"version_affected": "=",
"version_value": "4.0(4i)"
},
{
"version_affected": "=",
"version_value": "4.1(1d)"
},
{
"version_affected": "=",
"version_value": "4.1(2a)"
},
{
"version_affected": "=",
"version_value": "4.1(1e)"
},
{
"version_affected": "=",
"version_value": "3.2(3p)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL"
}
]
},
"source": {
"advisory": "cisco-sa-cimc-enum-CyheP3B7",
"discovery": "EXTERNAL",
"defects": [
"CSCvv07275"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

268
2020/26xxx/CVE-2020-26063.json
View File

@ -1,17 +1,277 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.\r\nThe vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System (Managed)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0(1a)"
},
{
"version_affected": "=",
"version_value": "3.2(3n)"
},
{
"version_affected": "=",
"version_value": "4.1(1a)"
},
{
"version_affected": "=",
"version_value": "4.1(1b)"
},
{
"version_affected": "=",
"version_value": "4.0(4h)"
},
{
"version_affected": "=",
"version_value": "4.1(1c)"
},
{
"version_affected": "=",
"version_value": "3.2(3k)"
},
{
"version_affected": "=",
"version_value": "3.2(2c)"
},
{
"version_affected": "=",
"version_value": "4.0(4e)"
},
{
"version_affected": "=",
"version_value": "4.0(4g)"
},
{
"version_affected": "=",
"version_value": "3.2(3i)"
},
{
"version_affected": "=",
"version_value": "4.0(2e)"
},
{
"version_affected": "=",
"version_value": "3.2(3g)"
},
{
"version_affected": "=",
"version_value": "4.0(4a)"
},
{
"version_affected": "=",
"version_value": "4.0(2d)"
},
{
"version_affected": "=",
"version_value": "3.2(2d)"
},
{
"version_affected": "=",
"version_value": "4.0(1b)"
},
{
"version_affected": "=",
"version_value": "4.0(4f)"
},
{
"version_affected": "=",
"version_value": "3.2(3h)"
},
{
"version_affected": "=",
"version_value": "3.2(2f)"
},
{
"version_affected": "=",
"version_value": "4.0(4c)"
},
{
"version_affected": "=",
"version_value": "3.2(3a)"
},
{
"version_affected": "=",
"version_value": "4.0(1c)"
},
{
"version_affected": "=",
"version_value": "3.2(3d)"
},
{
"version_affected": "=",
"version_value": "3.2(2b)"
},
{
"version_affected": "=",
"version_value": "4.0(4b)"
},
{
"version_affected": "=",
"version_value": "3.2(2e)"
},
{
"version_affected": "=",
"version_value": "4.0(2b)"
},
{
"version_affected": "=",
"version_value": "4.0(4d)"
},
{
"version_affected": "=",
"version_value": "3.2(1d)"
},
{
"version_affected": "=",
"version_value": "3.2(3e)"
},
{
"version_affected": "=",
"version_value": "3.2(3l)"
},
{
"version_affected": "=",
"version_value": "3.2(3b)"
},
{
"version_affected": "=",
"version_value": "4.0(2a)"
},
{
"version_affected": "=",
"version_value": "3.2(3j)"
},
{
"version_affected": "=",
"version_value": "4.0(1d)"
},
{
"version_affected": "=",
"version_value": "3.2(3o)"
},
{
"version_affected": "=",
"version_value": "4.0(4i)"
},
{
"version_affected": "=",
"version_value": "4.1(1d)"
},
{
"version_affected": "=",
"version_value": "4.1(2a)"
},
{
"version_affected": "=",
"version_value": "4.1(1e)"
},
{
"version_affected": "=",
"version_value": "3.2(3p)"
},
{
"version_affected": "=",
"version_value": "4.1(2b)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"
}
]
},
"source": {
"advisory": "cisco-sa-cimc-auth-zWkppJxL",
"discovery": "EXTERNAL",
"defects": [
"CSCvv07287"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

261
2020/26xxx/CVE-2020-26066.json
View File

@ -1,17 +1,270 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\nThe vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"
}
]
},
"source": {
"advisory": "cisco-sa-vmanx3-vrZbOqqD",
"discovery": "EXTERNAL",
"defects": [
"CSCvv09746"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

85
2020/26xxx/CVE-2020-26067.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks.\r\nThe vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the malicious account name. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Webex Teams",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"
}
]
},
"source": {
"advisory": "cisco-sa-webex-teams-xss-zLW9tD3",
"discovery": "EXTERNAL",
"defects": [
"CSCvv40214"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

698
2020/26xxx/CVE-2020-26071.json
View File

@ -1,17 +1,707 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition.\r\nThe vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
}
]
}
},
{
"product_name": "Cisco SD-WAN vContainer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "19.2.3"
}
]
}
},
{
"product_name": "Cisco SD-WAN vEdge Cloud",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "19.2.3"
}
]
}
},
{
"product_name": "Cisco SD-WAN vEdge Router",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "19.1.01"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "20.1.11"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
}
]
},
"source": {
"advisory": "cisco-sa-vsoln-arbfile-gtsEYxns",
"discovery": "INTERNAL",
"defects": [
"CSCvv09807"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/RL:X/RC:X/E:X",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

95
2020/27xxx/CVE-2020-27124.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.\r\nThe vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Variable",
"cweId": "CWE-457"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq"
}
]
},
"source": {
"advisory": "cisco-sa-asa-ssl-dos-7uZWwSEy",
"discovery": "EXTERNAL",
"defects": [
"CSCvt64822"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:X/RC:X/E:X",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

90
2020/3xxx/CVE-2020-3420.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3420",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3"
}
]
},
"source": {
"advisory": "cisco-sa-cucm-xss-bLZw4Ctq",
"discovery": "INTERNAL",
"defects": [
"CSCvs88276"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

85
2020/3xxx/CVE-2020-3431.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3"
}
]
},
"source": {
"advisory": "cisco-sa-sa-rv-routers-xss-K7Z5U6q3",
"discovery": "EXTERNAL",
"defects": [
"CSCvu06343"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

76
2024/10xxx/CVE-2024-10390.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elfsight",
"product": {
"product_data": [
{
"product_name": "Elfsight Telegram Chat CC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve"
},
{
"url": "https://codecanyon.net/item/elfsight-telegram-chat/25288599",
"refsource": "MISC",
"name": "https://codecanyon.net/item/elfsight-telegram-chat/25288599"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/11xxx/CVE-2024-11343.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11343",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11344.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11345.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11345",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11346.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11346",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11347.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11347",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11348.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11348",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11349.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11350.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11350",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2024/42xxx/CVE-2024-42677.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZlfi.md",
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZlfi.md"
},
{
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42677.md",
"url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42677.md"
}
]
}

81
2024/43xxx/CVE-2024-43416.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "glpi-project",
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.80, < 10.0.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7"
},
{
"url": "https://github.com/glpi-project/glpi/commit/9be1466053f829680db318f7e7e5880d2d789c6d",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/commit/9be1466053f829680db318f7e7e5880d2d789c6d"
}
]
},
"source": {
"advisory": "GHSA-j8gc-xpgr-2ww7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

67
2024/44xxx/CVE-2024-44756.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44756",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-sqli.md",
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-sqli.md"
},
{
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44756.md",
"url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44756.md"
}
]
}

67
2024/44xxx/CVE-2024-44757.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44757",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md",
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md"
},
{
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md",
"url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md"
}
]
}

90
2024/47xxx/CVE-2024-47533.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cobbler",
"product": {
"product_data": [
{
"product_name": "cobbler",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.2.3"
},
{
"version_affected": "=",
"version_value": ">= 3.3.0, < 3.3.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h",
"refsource": "MISC",
"name": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h"
},
{
"url": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0",
"refsource": "MISC",
"name": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0"
},
{
"url": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda",
"refsource": "MISC",
"name": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda"
}
]
},
"source": {
"advisory": "GHSA-m26c-fcgh-cp6h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

81
2024/47xxx/CVE-2024-47820.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MarkUsProject",
"product": {
"product_data": [
{
"product_name": "Markus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.4.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8",
"refsource": "MISC",
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8"
},
{
"url": "https://github.com/MarkUsProject/Markus/pull/7026",
"refsource": "MISC",
"name": "https://github.com/MarkUsProject/Markus/pull/7026"
}
]
},
"source": {
"advisory": "GHSA-wq6v-vx8c-8fj8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}

2
2024/48xxx/CVE-2024-48896.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-48896",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

2
2024/48xxx/CVE-2024-48897.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-48897",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

2
2024/48xxx/CVE-2024-48898.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-48898",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

2
2024/48xxx/CVE-2024-48900.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-48900",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

2
2024/48xxx/CVE-2024-48901.json
View File

@ -4,7 +4,7 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-48901",
"ASSIGNER": "secalert@redhat.com",
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {

85
2024/52xxx/CVE-2024-52419.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Clipboard Team Copy Anything to Clipboard allows Stored XSS.This issue affects Copy Anything to Clipboard: from n/a through 4.0.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Clipboard Team",
"product": {
"product_data": [
{
"product_name": "Copy Anything to Clipboard",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "4.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/copy-the-code/wordpress-copy-anything-to-clipboard-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/copy-the-code/wordpress-copy-anything-to-clipboard-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2024/52xxx/CVE-2024-52422.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52422",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Terry Lin WP Githuber MD allows Stored XSS.This issue affects WP Githuber MD: from n/a through 1.16.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Terry Lin",
"product": {
"product_data": [
{
"product_name": "WP Githuber MD",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.16.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Fazle Mawla (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2024/52xxx/CVE-2024-52423.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Themify",
"product": {
"product_data": [
{
"product_name": "Themify Builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "7.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2024/52xxx/CVE-2024-52424.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52424",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Suresh Kumar",
"product": {
"product_data": [
{
"product_name": "wp-login customizer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-login-customizer/wordpress-wp-login-customizer-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-login-customizer/wordpress-wp-login-customizer-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "SOPROBRO (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}