admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-21 04:00:30 +00:00
parent 4ba775c92f
commit ce6e9ade75
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 769 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
2023/3xxx/CVE-2023-3352.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpmudev",
"product": {
"product_data": [
{
"product_name": "Smush Image Optimization \u2013 Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.16.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbaa3e4-40c2-41d8-996c-232e27a04b73?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbaa3e4-40c2-41d8-996c-232e27a04b73?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3105107/wp-smushit/trunk/app/class-ajax.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3105107/wp-smushit/trunk/app/class-ajax.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Truoc Phan"
},
{
"lang": "en",
"value": "An \u0110\u1eb7ng"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1639.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admin dashboard access (contributors by default due to WooCommerce) to view arbitrary decrypted license keys. The functions contain a referrer nonce check. However, these can be retrieved via the dashboard through the \"license\" JS variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpexpertsio",
"product": {
"product_data": [
{
"product_name": "License Manager for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e444db-72d5-444f-811e-ade0bc097769?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e444db-72d5-444f-811e-ade0bc097769?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/tags/3.0.5/includes/Controllers/License.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/license-manager-for-woocommerce/tags/3.0.5/includes/Controllers/License.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/1xxx/CVE-2024-1955.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wprepublic",
"product": {
"product_data": [
{
"product_name": "Hide Dashboard Notifications",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4655236-7dfe-40ae-9d0c-6eacc59af13d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4655236-7dfe-40ae-9d0c-6eacc59af13d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-hide-backed-notices/tags/1.3/admin/class-wp-hide-backed-notices-admin.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-hide-backed-notices/tags/1.3/admin/class-wp-hide-backed-notices-admin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3104675%40wp-hide-backed-notices&new=3104675%40wp-hide-backed-notices&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3104675%40wp-hide-backed-notices&new=3104675%40wp-hide-backed-notices&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/3xxx/CVE-2024-3610.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wen-solutions",
"product": {
"product_data": [
{
"product_name": "WP Child Theme Generator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/581e6686-a103-43f6-aa99-6a9862d98837?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/581e6686-a103-43f6-aa99-6a9862d98837?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-child-theme-generator/trunk/wp-easy-child/wp-easy-child.php#L60",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-child-theme-generator/trunk/wp-easy-child/wp-easy-child.php#L60"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-child-theme-generator/tags/1.1.1&new_path=/wp-child-theme-generator/tags/1.1.2&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-child-theme-generator/tags/1.1.1&new_path=/wp-child-theme-generator/tags/1.1.2&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/3xxx/CVE-2024-3961.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ConvertKit \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "convertkit",
"product": {
"product_data": [
{
"product_name": "ConvertKit \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.4.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "1337_Wannabe"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

5
2024/4xxx/CVE-2024-4418.json
View File

@ -122,6 +122,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/"
}
]
},

5
2024/5xxx/CVE-2024-5171.json
View File

@ -59,6 +59,11 @@
"url": "https://issues.chromium.org/issues/332382766",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/332382766"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"
}
]
},

75
2024/5xxx/CVE-2024-5344.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018forgoturl\u2019 attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor Page Builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac8fb0b-21a9-4b94-bb24-b349a7fe3305?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac8fb0b-21a9-4b94-bb24-b349a7fe3305?source=cve"
},
{
"url": "https://roadmap.theplusaddons.com/updates/",
"refsource": "MISC",
"name": "https://roadmap.theplusaddons.com/updates/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/5xxx/CVE-2024-5455.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor Page Builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8699142d-4ddd-4ca1-9886-9b2d905a36cd?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8699142d-4ddd-4ca1-9886-9b2d905a36cd?source=cve"
},
{
"url": "https://roadmap.theplusaddons.com/updates/",
"refsource": "MISC",
"name": "https://roadmap.theplusaddons.com/updates/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

100
2024/5xxx/CVE-2024-5503.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codevibrant",
"product": {
"product_data": [
{
"product_name": "WP Blog Post Layouts",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5205cc95-06d1-4bc6-a9ea-082df9566935?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5205cc95-06d1-4bc6-a9ea-082df9566935?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L883",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L883"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L900",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L900"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L917",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L917"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/src/grid/element.php#L1146",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/src/grid/element.php#L1146"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/src/list/element.php#L1136",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/src/list/element.php#L1136"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/src/masonry/element.php#L1134",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/src/masonry/element.php#L1134"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

5
2024/6xxx/CVE-2024-6100.json
View File

@ -64,6 +64,11 @@
"url": "https://issues.chromium.org/issues/344608204",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/344608204"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"
}
]
}

5
2024/6xxx/CVE-2024-6101.json
View File

@ -63,6 +63,11 @@
"url": "https://issues.chromium.org/issues/343748812",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/343748812"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"
}
]
}

5
2024/6xxx/CVE-2024-6102.json
View File

@ -63,6 +63,11 @@
"url": "https://issues.chromium.org/issues/339169163",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/339169163"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"
}
]
}

5
2024/6xxx/CVE-2024-6103.json
View File

@ -64,6 +64,11 @@
"url": "https://issues.chromium.org/issues/344639860",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/344639860"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"
}
]
}

100
2024/6xxx/CVE-2024-6218.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269282 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in itsourcecode Vehicle Management System 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei busprofile.php. Mit der Manipulation des Arguments busid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Vehicle Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.269282",
"refsource": "MISC",
"name": "https://vuldb.com/?id.269282"
},
{
"url": "https://vuldb.com/?ctiid.269282",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.269282"
},
{
"url": "https://vuldb.com/?submit.360697",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.360697"
},
{
"url": "https://github.com/HryspaHodor/CVE/issues/7",
"refsource": "MISC",
"name": "https://github.com/HryspaHodor/CVE/issues/7"
}
]
},
"credits": [
{
"lang": "en",
"value": "Hryspa_Hodor (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/6xxx/CVE-2024-6237.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6238.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}