"-Synchronized-Data."

CVE Team 2024-12-10 00:00:57 +00:00
parent c866e3fb95
commit d648ea4d12
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 806 additions and 5 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
"value": "The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
]
},
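Review bot: The reworded description contradicts itself, assuming the second `value` line is the new text (the page has lost its +/- markers). It now scopes the issue to JavaScript file inclusion, yet its closing sentence still speaks of achieving code execution where images and other "safe" file types can be uploaded and included, which is wording for server-side PHP inclusion. The phrase `execute arbitrary JavaScript files on the server` also leaves unclear whether the code runs server-side or in a browser, and that changes how a defender rates the record. I would drop or reword the final sentence (`This can be used to bypass access controls, ... uploaded and included.`) and state where the JavaScript executes. The record's ID and the rest of the object lie outside this hunk.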


@ -0,0 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-12393",
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.8.0",
"version_value": "10.2.11"
},
{
"version_affected": "<",
"version_name": "10.3.0",
"version_value": "10.3.9"
},
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-core-2024-003",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2024-003"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jay Beaton"
},
{
"lang": "en",
"value": "Lee Rowlands"
},
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Mingsong"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Dave Long"
},
{
"lang": "en",
"value": "Benji Fisher"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Greg Knaddison"
}
]
}
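Review bot: `credits` lists "Juraj Nemec" twice with nothing to tell the two entries apart. The same pattern recurs in the CVE-2024-55634 record ("Wayne Eaker"), in CVE-2024-55636 and CVE-2024-55637 ("Drew Webber"), and in CVE-2024-55638 ("Drew Webber" and "Juraj Nemec"). This looks like a per-credit role being lost when the record was written in this 4.0 layout, though that is an inference from the data alone. The entries should be de-duplicated so that consumers building acknowledgement lists do not double count. Separately, the description is missing a space in `(XSS).This issue`, as are the other Drupal descriptions in this commit.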


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-55634",
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-178 Improper Handling of Case Sensitivity",
"cweId": "CWE-178"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-289",
"cweId": "CWE-289"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "10.2.11"
},
{
"version_affected": "<",
"version_name": "10.3.0",
"version_value": "10.3.9"
},
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-core-2024-004",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2024-004"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Wayne Eaker"
},
{
"lang": "en",
"value": "Wayne Eaker"
},
{
"lang": "en",
"value": "cilefen"
},
{
"lang": "en",
"value": "Kristiaan Van den Eynde"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Lee Rowlands"
},
{
"lang": "en",
"value": "Benji Fisher"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "xjm"
}
]
}
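Review bot: The second `problemtype_data` entry carries `"value": "CWE-289"` with no weakness name, unlike the first entry (`CWE-178 Improper Handling of Case Sensitivity`). Tools that display or match on `value` therefore get a bare ID; it should read `"value": "CWE-289 Authentication Bypass by Alternate Name"`. The description also says only that the issue "allows Privilege Escalation" and names no component or precondition, so the advisory at the reference URL is the only place a defender can scope exposure. A short phrase naming the affected feature would make the record usable on its own.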


@ -0,0 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-55635",
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "7.102"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-core-2024-005",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2024-005"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Cesar"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Matthew Grill"
},
{
"lang": "en",
"value": "Wim Leers"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Ra M\u00e4nd"
},
{
"lang": "en",
"value": "Fabian Franz"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "xjm"
}
]
}


@ -0,0 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-55636",
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"cweId": "CWE-915"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "10.2.11"
},
{
"version_affected": "<",
"version_name": "10.3.0",
"version_value": "10.3.9"
},
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-core-2024-006",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2024-006"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Lee Rowlands"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Benji Fisher"
},
{
"lang": "en",
"value": "xjm"
}
]
}
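Review bot: The description reads "Deserialization of Untrusted Data", but the only `problemtype` entry is CWE-915. CWE-502 is the identifier for deserialization of untrusted data, so filters keyed on `cweId` will not surface this record; the same applies to CVE-2024-55637 and CVE-2024-55638. CVE-2024-55636 and CVE-2024-55637 also have identical `description` and `version_data`, differing only in reference URL and credits, so the record alone does not say which issue each ID tracks. If the advisories support it, add a `CWE-502 Deserialization of Untrusted Data` entry and a distinguishing phrase to each description.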


@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-55637",
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"cweId": "CWE-915"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "10.2.11"
},
{
"version_affected": "<",
"version_name": "10.3.0",
"version_value": "10.3.9"
},
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-core-2024-007",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2024-007"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Lee Rowlands"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Benji Fisher"
},
{
"lang": "en",
"value": "xjm"
},
{
"lang": "en",
"value": "Greg Knaddison"
}
]
}


@ -0,0 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-55638",
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"cweId": "CWE-915"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "7.102"
},
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "10.2.11"
},
{
"version_affected": "<",
"version_name": "10.3.0",
"version_value": "10.3.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-core-2024-008",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2024-008"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Fabian Franz"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Lee Rowlands"
},
{
"lang": "en",
"value": "Dave Long"
},
{
"lang": "en",
"value": "Alex Pott"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Benji Fisher"
},
{
"lang": "en",
"value": "xjm"
}
]
}


@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9672",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@papercut.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')",
"cweId": "CWE-917"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PaperCut",
"product": {
"product_data": [
{
"product_name": "PaperCut MF",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "24.1",
"status": "unaffected"
}
],
"lessThan": "24.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.papercut.com/kb/Main/security-bulletin-december-2024/",
"refsource": "MISC",
"name": "https://www.papercut.com/kb/Main/security-bulletin-december-2024/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}
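Review bot: The new description states a reflected cross-site scripting issue, but `problemtype` is CWE-917 (Expression Language Injection), a server-side injection class. Unless the vendor bulletin really describes EL injection, the entry should be `"cweId": "CWE-79"` with the matching CWE-79 name in `value`; as written, CWE-based triage will misfile the record. The description names PaperCut NG/MF while `product_data` lists only `PaperCut MF`, so product matching may miss NG installs. `version_value` is `not down converted`, so consumers of this 4.0 layout must read `x_cve_json_5_version_data` to learn that versions below 24.1 are affected.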