diff --git a/2023/5xxx/CVE-2023-5625.json b/2023/5xxx/CVE-2023-5625.json
index 5fc2d7e419f..154b18624e0 100644
--- a/2023/5xxx/CVE-2023-5625.json
+++ b/2023/5xxx/CVE-2023-5625.json
@@ -96,19 +96,6 @@
 }
 ]
 }
- },
- {
- "product_name": "Red Hat OpenStack Platform 17.1",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
- }
- }
- ]
- }
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5943.json b/2024/5xxx/CVE-2024-5943.json
index a3d178c55a3..71633892032 100644
--- a/2024/5xxx/CVE-2024-5943.json
+++ b/2024/5xxx/CVE-2024-5943.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5943",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "kylephillips",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nested Pages",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.2.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2663150-61f9-49e3-9219-fbe89cc6b03c?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2663150-61f9-49e3-9219-fbe89cc6b03c?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/trunk/app/Config/Settings.php#L129",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/trunk/app/Config/Settings.php#L129"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/trunk/app/Views/settings/settings.php#L20",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/trunk/app/Views/settings/settings.php#L20"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3111847/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3111847/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Bassem Essam"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6507.json b/2024/6xxx/CVE-2024-6507.json
index f6efa5d36d0..d3fab2ad44a 100644
--- a/2024/6xxx/CVE-2024-6507.json
+++ b/2024/6xxx/CVE-2024-6507.json
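Review bot: The `problemtype` block for CVE-2024-5943 lists only `CWE-352`, although the description attributes the impact to missing sanitization of the `tab` parameter, which lets a forged request load local PHP files. Consumers that triage by CWE will see a plain CSRF while the vector scores `C:H/I:H/A:H`, so consider a second `description` entry for the file-inclusion weakness (for example `CWE-98`, to be confirmed by the CNA). Two smaller wording points in the same hunk: the description spells `santization`, and `credits` uses `"lang": "en"` where the rest of the record uses `"eng"`.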
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6507",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@jfrog.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://research.jfrog.com/vulnerabilities/deeplake-kaggle-command-injection-jfsa-2024-001035320/",
+ "refsource": "MISC",
+ "name": "https://research.jfrog.com/vulnerabilities/deeplake-kaggle-command-injection-jfsa-2024-001035320/"
+ },
+ {
+ "url": "https://github.com/activeloopai/deeplake/pull/2876",
+ "refsource": "MISC",
+ "name": "https://github.com/activeloopai/deeplake/pull/2876"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
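Review bot: In the CVE-2024-6507 record, `affects` carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is also `"n/a"`, so neither the structured fields nor the description name the affected software; only the two reference URLs point at activeloopai/deeplake. Tooling that matches records by product or by CWE will not match this entry. If the source record has the data (it may have been lost in down-conversion), populate the fields, e.g. `"product_name": "deeplake"` with a `version_affected`/`version_value` pair for `<FIXED_VERSION>`, and put a command-injection CWE such as `CWE-77` or `CWE-78` in `problemtype`. Naming the product in the description text would also help readers who see only that field.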
diff --git a/2024/6xxx/CVE-2024-6508.json b/2024/6xxx/CVE-2024-6508.json
new file mode 100644
index 00000000000..e64af43afac
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6508.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6508",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6509.json b/2024/6xxx/CVE-2024-6509.json
new file mode 100644
index 00000000000..324f8f75231
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6509.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6509",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6510.json b/2024/6xxx/CVE-2024-6510.json
new file mode 100644
index 00000000000..5daf2bec62a
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6510.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6510",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6511.json b/2024/6xxx/CVE-2024-6511.json
new file mode 100644
index 00000000000..2267cc41a6e
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6511.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6511",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file