admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-07 11:00:36 +00:00
parent 03e01b59a2
commit dc5e929501
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 379 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2023/3xxx/CVE-2023-3597.json
View File

@ -97,6 +97,19 @@
]
}
},
{
"product_name": "RHSSO 7.6.8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
@ -118,6 +131,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1866",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1866"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1867",
"refsource": "MISC",

18
2024/43xxx/CVE-2024-43166.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

105
2024/6xxx/CVE-2024-6522.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Webnus",
"product": {
"product_data": [
{
"product_name": "Modern Events Calendar",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.12.1"
}
]
}
}
]
}
},
{
"vendor_name": "webnus/",
"product": {
"product_data": [
{
"product_name": "Modern Events Calendar Lite",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=cve"
},
{
"url": "https://wordpress.org/plugins/modern-events-calendar-lite/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/modern-events-calendar-lite/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/modern-events-calendar-lite/trunk/app/features/fes.php#L54",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/modern-events-calendar-lite/trunk/app/features/fes.php#L54"
},
{
"url": "https://mec.webnus.net/change-log/",
"refsource": "MISC",
"name": "https://mec.webnus.net/change-log/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Friderika Baranyai"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
]
}

89
2024/7xxx/CVE-2024-7265.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-286 Incorrect User Management",
"cweId": "CWE-286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
"product": {
"product_data": [
{
"product_name": "EZD RP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15",
"version_value": "15.84"
},
{
"version_affected": "<",
"version_name": "16",
"version_value": "16.15"
},
{
"version_affected": "<",
"version_name": "17",
"version_value": "17.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/"
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2023-7265/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/08/CVE-2023-7265/"
},
{
"url": "https://www.gov.pl/web/ezd-rp",
"refsource": "MISC",
"name": "https://www.gov.pl/web/ezd-rp"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jakub P\u0142atek (NASK-PIB)"
}
]
}

89
2024/7xxx/CVE-2024-7266.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations.\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-286 Incorrect User Management",
"cweId": "CWE-286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
"product": {
"product_data": [
{
"product_name": "EZD RP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15",
"version_value": "15.84"
},
{
"version_affected": "<",
"version_name": "16",
"version_value": "16.15"
},
{
"version_affected": "<",
"version_name": "17",
"version_value": "17.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/"
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2023-7265/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/08/CVE-2023-7265/"
},
{
"url": "https://www.gov.pl/web/ezd-rp",
"refsource": "MISC",
"name": "https://www.gov.pl/web/ezd-rp"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jakub P\u0142atek (NASK-PIB)"
}
]
}

79
2024/7xxx/CVE-2024-7267.json
View File

@ -1,18 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information\u00a0vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials.\u00a0This issue affects EZD RP all versions before 19.6"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Exposure of Sensitive Information Due to Incompatible Policies",
"cweId": "CWE-213"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
"product": {
"product_data": [
{
"product_name": "EZD RP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "19.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/"
},
{
"url": "https://cert.pl/posts/2024/08/CVE-2023-7265/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/08/CVE-2023-7265/"
},
{
"url": "https://www.gov.pl/web/ezd-rp",
"refsource": "MISC",
"name": "https://www.gov.pl/web/ezd-rp"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jakub P\u0142atek (NASK-PIB)"
}
]
}