admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-25 12:00:35 +00:00
parent 575781d8d3
commit c9360bc7b2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 664 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2024/28xxx/CVE-2024-28831.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@checkmk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Checkmk GmbH",
"product": {
"product_data": [
{
"product_name": "Checkmk",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.0",
"version_value": "2.3.0p7"
},
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0p28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://checkmk.com/werk/17025",
"refsource": "MISC",
"name": "https://checkmk.com/werk/17025"
}
]
},
"credits": [
{
"lang": "en",
"value": "PS Positive Security GmbH"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

86
2024/28xxx/CVE-2024-28832.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@checkmk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Checkmk GmbH",
"product": {
"product_data": [
{
"product_name": "Checkmk",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.0",
"version_value": "2.3.0p7"
},
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0p28"
},
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.0p45"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.0p39"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://checkmk.com/werk/17024",
"refsource": "MISC",
"name": "https://checkmk.com/werk/17024"
}
]
},
"credits": [
{
"lang": "en",
"value": "PS Positive Security GmbH"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

120
2024/6xxx/CVE-2024-6305.json Normal file
View File

@ -0,0 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-6305",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on the 'tagName' attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WordPress Foundation",
"product": {
"product_data": [
{
"product_name": "WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.9",
"version_value": "5.9.9"
},
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0.8"
},
{
"version_affected": "<=",
"version_name": "6.1",
"version_value": "6.1.6"
},
{
"version_affected": "<=",
"version_name": "6.2",
"version_value": "6.2.5"
},
{
"version_affected": "<=",
"version_name": "6.3",
"version_value": "6.3.4"
},
{
"version_affected": "<=",
"version_name": "6.4",
"version_value": "6.4.4"
},
{
"version_affected": "<=",
"version_name": "6.5",
"version_value": "6.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a225ccb-a7dc-4437-bd97-b309d6ae6a47?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a225ccb-a7dc-4437-bd97-b309d6ae6a47?source=cve"
},
{
"url": "https://core.trac.wordpress.org/changeset/58471",
"refsource": "MISC",
"name": "https://core.trac.wordpress.org/changeset/58471"
},
{
"url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
}

235
2024/6xxx/CVE-2024-6306.json Normal file
View File

@ -0,0 +1,235 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-6306",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the Template Part block. This makes it possible for authenticated attackers, with Contributor-level access and above, to include arbitrary HTML Files on sites running Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WordPress Foundation",
"product": {
"product_data": [
{
"product_name": "WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.1"
},
{
"version_affected": "<=",
"version_name": "4.1",
"version_value": "4.1.40"
},
{
"version_affected": "<=",
"version_name": "4.2",
"version_value": "4.2.37"
},
{
"version_affected": "<=",
"version_name": "4.3",
"version_value": "4.3.33"
},
{
"version_affected": "<=",
"version_name": "4.4",
"version_value": "4.4.32"
},
{
"version_affected": "<=",
"version_name": "4.5",
"version_value": "4.5.31"
},
{
"version_affected": "<=",
"version_name": "4.6",
"version_value": "4.6.28"
},
{
"version_affected": "<=",
"version_name": "4.7",
"version_value": "4.7.28"
},
{
"version_affected": "<=",
"version_name": "4.8",
"version_value": "4.8.24"
},
{
"version_affected": "<=",
"version_name": "4.9",
"version_value": "4.9.25"
},
{
"version_affected": "<=",
"version_name": "5.0",
"version_value": "5.0.21"
},
{
"version_affected": "<=",
"version_name": "5.1",
"version_value": "5.1.18"
},
{
"version_affected": "<=",
"version_name": "5.2",
"version_value": "5.2.20"
},
{
"version_affected": "<=",
"version_name": "5.3",
"version_value": "5.3.17"
},
{
"version_affected": "<=",
"version_name": "5.4",
"version_value": "5.4.15"
},
{
"version_affected": "<=",
"version_name": "5.5",
"version_value": "5.5.14"
},
{
"version_affected": "<=",
"version_name": "5.6",
"version_value": "5.6.13"
},
{
"version_affected": "<=",
"version_name": "5.7",
"version_value": "5.7.11"
},
{
"version_affected": "<=",
"version_name": "5.8",
"version_value": "5.8.9"
},
{
"version_affected": "<=",
"version_name": "5.9",
"version_value": "5.9.9"
},
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0.8"
},
{
"version_affected": "<=",
"version_name": "6.1",
"version_value": "6.1.6"
},
{
"version_affected": "<=",
"version_name": "6.2",
"version_value": "6.2.5"
},
{
"version_affected": "<=",
"version_name": "6.3",
"version_value": "6.3.4"
},
{
"version_affected": "<=",
"version_name": "6.4",
"version_value": "6.4.4"
},
{
"version_affected": "<=",
"version_name": "6.5",
"version_value": "6.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af2b01b-2dcb-44ae-a764-8ecc5f8caa81?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af2b01b-2dcb-44ae-a764-8ecc5f8caa81?source=cve"
},
{
"url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
},
{
"url": "https://core.trac.wordpress.org/changeset/58470",
"refsource": "MISC",
"name": "https://core.trac.wordpress.org/changeset/58470"
}
]
},
"credits": [
{
"lang": "en",
"value": "apple502j"
},
{
"lang": "en",
"value": "Rafie Muhammad"
},
{
"lang": "en",
"value": "Edouard L"
},
{
"lang": "en",
"value": "David Fifield"
},
{
"lang": "en",
"value": "x89"
},
{
"lang": "en",
"value": "mishre"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}

137
2024/6xxx/CVE-2024-6307.json Normal file
View File

@ -0,0 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-6307",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WordPress Foundation",
"product": {
"product_data": [
{
"product_name": "WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.9",
"version_value": "5.9.9"
},
{
"version_affected": "<=",
"version_name": "6.0",
"version_value": "6.0.8"
},
{
"version_affected": "<=",
"version_name": "6.1",
"version_value": "6.1.6"
},
{
"version_affected": "<=",
"version_name": "6.2",
"version_value": "6.2.5"
},
{
"version_affected": "<=",
"version_name": "6.3",
"version_value": "6.3.4"
},
{
"version_affected": "<=",
"version_name": "6.4",
"version_value": "6.4.4"
},
{
"version_affected": "<=",
"version_name": "6.5",
"version_value": "6.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve"
},
{
"url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/",
"refsource": "MISC",
"name": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
},
{
"url": "https://core.trac.wordpress.org/changeset/58473",
"refsource": "MISC",
"name": "https://core.trac.wordpress.org/changeset/58473"
},
{
"url": "https://core.trac.wordpress.org/changeset/58472",
"refsource": "MISC",
"name": "https://core.trac.wordpress.org/changeset/58472"
}
]
},
"credits": [
{
"lang": "en",
"value": "Alex Concha"
},
{
"lang": "en",
"value": "Dennis Snell"
},
{
"lang": "en",
"value": "Grzegorz Zi\u00f3\u0142kowski"
},
{
"lang": "en",
"value": "Aaron Jorbin"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
}

18
2024/6xxx/CVE-2024-6308.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}