admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-11 12:00:33 +00:00
parent e4d4e90735
commit cf7930cd69
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 275 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
2024/11xxx/CVE-2024-11218.json
View File

@ -189,6 +189,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.29.5-1.el9_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"version": {
@ -362,6 +383,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1275"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:1295",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1295"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11218",
"refsource": "MISC",

81
2024/13xxx/CVE-2024-13506.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "paoltaia",
"product": {
"product_data": [
{
"product_name": "GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.8.97"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0d9ba14-c0c9-426e-927e-9139a0882f0d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0d9ba14-c0c9-426e-927e-9139a0882f0d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/geodirectory/tags/2.8.97/includes/admin/class-geodir-admin-post-view.php#L317",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/geodirectory/tags/2.8.97/includes/admin/class-geodir-admin-post-view.php#L317"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3225839",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3225839"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tim Coen"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

73
2025/0xxx/CVE-2025-0588.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@octopus.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly unusable. The user would be able to subsequently set and unset the referrer header to control the denial of service state with a valid CSRF token whilst new CSRF tokens could not be generated."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service with Backdoor access"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2020.1.0",
"version_value": "2024.3.13097"
},
{
"version_affected": "<",
"version_name": "2024.4.401",
"version_value": "2024.4.7091"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisories.octopus.com/post/2024/sa2025-05/",
"refsource": "MISC",
"name": "https://advisories.octopus.com/post/2024/sa2025-05/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "This vulnerability was found by Edward Prior (@JankhJankh)"
}
]
}

24
2025/0xxx/CVE-2025-0750.json
View File

@ -36,15 +36,30 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4",
"product_name": "Red Hat OpenShift Container Platform 4.17",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.30.10-3.rhaos4.17.gitd088fcf.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -62,6 +77,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:1122",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:1122"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-0750",
"refsource": "MISC",

86
2025/0xxx/CVE-2025-0862.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SuperSaaS \u2013 online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018after\u2019 parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is limited to Chromium-based browsers (e.g. Chrome, Edge, Brave)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "supersaas",
"product": {
"product_data": [
{
"product_name": "SuperSaaS \u2013 online appointment scheduling",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.1.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8698255b-6c03-464b-8cb5-191d3e77009f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8698255b-6c03-464b-8cb5-191d3e77009f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/supersaas-appointment-scheduling/tags/2.1.12/includes/shortcode.php#L31",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/supersaas-appointment-scheduling/tags/2.1.12/includes/shortcode.php#L31"
},
{
"url": "https://plugins.trac.wordpress.org/browser/supersaas-appointment-scheduling/tags/2.1.12/includes/shortcode.php#L15",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/supersaas-appointment-scheduling/tags/2.1.12/includes/shortcode.php#L15"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3235242/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3235242/"
}
]
},
"credits": [
{
"lang": "en",
"value": "muhammad yudha"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
]
}