From e5d301f20ec8749f20e84df3b5a586522278b297 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 28 Nov 2024 07:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/10xxx/CVE-2024-10473.json | 72 +++++++++++++++++++++++++++---
 2024/10xxx/CVE-2024-10493.json | 72 +++++++++++++++++++++++++++---
 2024/10xxx/CVE-2024-10510.json | 81 +++++++++++++++++++++++++++++++---
 2024/10xxx/CVE-2024-10896.json | 72 +++++++++++++++++++++++++++---
 2024/11xxx/CVE-2024-11742.json | 4 ++
 2024/11xxx/CVE-2024-11743.json | 4 ++
 2024/11xxx/CVE-2024-11860.json | 4 ++
 2024/11xxx/CVE-2024-11954.json | 18 ++++++++
 2024/11xxx/CVE-2024-11955.json | 18 ++++++++
 2024/11xxx/CVE-2024-11956.json | 18 ++++++++
 2024/9xxx/CVE-2024-9076.json | 29 ++++++++----
 11 files changed, 364 insertions(+), 28 deletions(-)
 create mode 100644 2024/11xxx/CVE-2024-11954.json
 create mode 100644 2024/11xxx/CVE-2024-11955.json
 create mode 100644 2024/11xxx/CVE-2024-11956.json
diff --git a/2024/10xxx/CVE-2024-10473.json b/2024/10xxx/CVE-2024-10473.json
index cd1bd3a9717..3aa165c5477 100644
--- a/2024/10xxx/CVE-2024-10473.json
+++ b/2024/10xxx/CVE-2024-10473.json
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10473",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Logo Slider",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10493.json b/2024/10xxx/CVE-2024-10493.json
index 55a1534917f..e675ee3fc30 100644
--- a/2024/10xxx/CVE-2024-10493.json
+++ b/2024/10xxx/CVE-2024-10493.json 
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10493",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "5.10.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/2e7f7196-054b-4cfd-9219-c60bb8275e8d/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/2e7f7196-054b-4cfd-9219-c60bb8275e8d/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10510.json b/2024/10xxx/CVE-2024-10510.json
index c6537311a79..07dd14be4a8 100644
--- a/2024/10xxx/CVE-2024-10510.json
+++ b/2024/10xxx/CVE-2024-10510.json
@@ -1,18 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10510",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "adBuddy+ (AdBlocker Detection) by NetfunkDesign",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "versionType": "semver",
+ "version": "0",
+ "lessThanOrEqual": "1.1.3"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/ca499752-b516-42e7-8c2f-18e4428a92c7/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/ca499752-b516-42e7-8c2f-18e4428a92c7/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Vuln Seeker Cybersecurity Team"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10896.json b/2024/10xxx/CVE-2024-10896.json
index 7a2321a303a..616cc4c22aa 100644
--- a/2024/10xxx/CVE-2024-10896.json
+++ b/2024/10xxx/CVE-2024-10896.json
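Review bot: The affected range for adBuddy+ exists only inside the `x_cve_json_5_version_data` extension; the legacy field is `"version_value": "not down converted"` with no `version_affected`, so a consumer that reads the 4.0 fields alone has nothing to match a version against. The 4.0 equivalent of the recorded range would be `"version_affected": "<="`, `"version_name": "0"`, `"version_value": "1.1.3"`; failing that, ingest tooling should read `versions[].lessThanOrEqual` with `"defaultStatus": "affected"` and treat the literal string as "range unavailable", never as a version. The description says "through 1.1.3", so no fixed release is recorded here, unlike the `"<"` records elsewhere in this patch. `"vendor_name": "Unknown"` in this record and the three other WPScan records (CVE-2024-10473, -10493, -10896) means asset matching has to key on `product_name`.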
@@ -1,18 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10896",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting"
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Logo Slider",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11742.json b/2024/11xxx/CVE-2024-11742.json
index 17117830953..b75d21ae342 100644
--- a/2024/11xxx/CVE-2024-11742.json
+++ b/2024/11xxx/CVE-2024-11742.json
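Review bot: The new description `value` calls Contributor a "high privilege" role and stops at "perform Stored Cross-Site Scripting" with no closing word or full stop, so the privilege requirement that triage depends on is ambiguous. Contributor is one of the lowest authenticated WordPress roles, and CVE-2024-10473 in this same patch, for the same plugin and fixed version, says "a role as low as Author". If the referenced WPScan advisory confirms Contributor, the text should end `which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.` Until that is corrected, consumers are safer reading this record as reachable by low-privilege authenticated users.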
@@ -95,6 +95,10 @@
 ]
 },
 "credits": [
+ {
+ "lang": "en",
+ "value": "Yasser Alshammari"
+ },
 {
 "lang": "en",
 "value": "YasserREED (VulDB User)"
diff --git a/2024/11xxx/CVE-2024-11743.json b/2024/11xxx/CVE-2024-11743.json
index 2b65ab46c36..e7f0ee9ddec 100644
--- a/2024/11xxx/CVE-2024-11743.json
+++ b/2024/11xxx/CVE-2024-11743.json
@@ -95,6 +95,10 @@
 ]
 },
 "credits": [
+ {
+ "lang": "en",
+ "value": "Yasser Alshammari"
+ },
 {
 "lang": "en",
 "value": "YasserREED (VulDB User)"
diff --git a/2024/11xxx/CVE-2024-11860.json b/2024/11xxx/CVE-2024-11860.json
index 1bbe230df29..04639aee7e2 100644
--- a/2024/11xxx/CVE-2024-11860.json
+++ b/2024/11xxx/CVE-2024-11860.json
@@ -100,6 +100,10 @@
 ]
 },
 "credits": [
+ {
+ "lang": "en",
+ "value": "Yasser Alshammari"
+ },
 {
 "lang": "en",
 "value": "YasserREED (VulDB User)"
diff --git a/2024/11xxx/CVE-2024-11954.json b/2024/11xxx/CVE-2024-11954.json
new file mode 100644
index 00000000000..a8fad339c39
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11954.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11954",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11955.json b/2024/11xxx/CVE-2024-11955.json
new file mode 100644
index 00000000000..c28449eb60f
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11955.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11955",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11956.json b/2024/11xxx/CVE-2024-11956.json
new file mode 100644
index 00000000000..7ce7ed32b2b
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11956.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11956",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9076.json b/2024/9xxx/CVE-2024-9076.json
index 2384ad7b995..eb8229d3414 100644
--- a/2024/9xxx/CVE-2024-9076.json
+++ b/2024/9xxx/CVE-2024-9076.json
@@ -11,11 +11,11 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
 },
 {
 "lang": "deu",
- "value": "Eine Schwachstelle wurde in DedeCMS bis 5.7.115 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei article_string_mix.php. Durch das Beeinflussen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "Eine Schwachstelle wurde in DedeCMS bis 5.7.115 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /dede/article_string_mix.php. Durch das Beeinflussen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
 }
 ]
 },
@@ -29,6 +29,15 @@
 "cweId": "CWE-78"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection",
+ "cweId": "CWE-77"
+ }
+ ]
 }
 ]
 },
@@ -84,26 +93,30 @@
 {
 "lang": "en",
 "value": "Kuinyoe (VulDB User)"
+ },
+ {
+ "lang": "en",
+ "value": "jiashenghe (VulDB User)"
 }
 ],
 "impact": {
 "cvss": [
 {
 "version": "3.1",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
 "baseSeverity": "MEDIUM"
 },
 {
 "version": "3.0",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
 "baseSeverity": "MEDIUM"
 },
 {
 "version": "2.0",
- "baseScore": 6.5,
- "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
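Review bot: The description kept by the first hunk of this file still says "It has been rated as critical" and names no privilege precondition, while the vectors in this hunk now require high privileges (`PR:H`, `Au:M`) and score 4.7 MEDIUM. Anything that prioritises on the description text will disagree with anything that prioritises on `vectorString`. If `PR:H` is the intended assessment, the English description should say so, for example by adding `The attack requires an authenticated account with high privileges.`, and the "critical" wording should be dropped or qualified. The file also now lists CWE-78 and CWE-77 as separate `problemtype_data` entries; CWE-78 is the more specific of the two, so importers that keep one CWE per record should prefer it.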