admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-21 10:00:32 +00:00
parent 43b063f1d0
commit e95a59c7cb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 538 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
2023/3xxx/CVE-2023-3938.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker \n to authenticate under any user from the device database.This issue affects ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25 and possibly others"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZkTeco",
"product": {
"product_data": [
{
"product_name": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.8.25"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md",
"refsource": "MISC",
"name": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Alexander Zaytsev from Kaspersky"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

84
2023/3xxx/CVE-2023-3939.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. \nSince all the found command implementations are executed from the superuser, their impact is the maximum possible.\nThis issue affects ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZkTeco",
"product": {
"product_data": [
{
"product_name": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.8.25-7354-Ver1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md",
"refsource": "MISC",
"name": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Georgy Kiguradze from Kaspersky"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

87
2024/4xxx/CVE-2024-4435.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When storing unbounded types in a BTreeMap, a node is represented as a linked list of \"memory chunks\". It was discovered recently that when we deallocate a node, in some cases only the first memory chunk is deallocated, and the rest of the memory chunks remain (incorrectly) allocated, causing a memory leak. In the worst case, depending on how a canister uses the BTreeMap, an adversary could interact with the canister through its API and trigger interactions with the map that keep consuming memory due to the memory leak. This could potentially lead to using an excessive amount of memory, or even running out of memory.\n\nThis issue has been fixed in #212 https://github.com/dfinity/stable-structures/pull/212 \u00a0by changing the logic for deallocating nodes to ensure that all of a node's memory chunks are deallocated and users are asked to upgrade to version 0.6.4.. Tests have been added to prevent regressions of this nature moving forward. Note:\u00a0Users of stable-structure < 0.6.0 are not affected.\n\nUsers who are not storing unbounded types in BTreeMap\u00a0are not affected and do not need to upgrade. Otherwise, an upgrade to version 0.6.4\u00a0is necessary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Internet Computer",
"product": {
"product_data": [
{
"product_name": "ic-stable-structures",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.6.0",
"version_value": "0.6.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dfinity/stable-structures/pull/212",
"refsource": "MISC",
"name": "https://github.com/dfinity/stable-structures/pull/212"
},
{
"url": "https://docs.rs/ic-stable-structures/0.6.4/ic_stable_structures/",
"refsource": "MISC",
"name": "https://docs.rs/ic-stable-structures/0.6.4/ic_stable_structures/"
},
{
"url": "https://internetcomputer.org/docs/current/developer-docs/smart-contracts/maintain/storage#stable-memory",
"refsource": "MISC",
"name": "https://internetcomputer.org/docs/current/developer-docs/smart-contracts/maintain/storage#stable-memory"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

80
2024/4xxx/CVE-2024-4553.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4553",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gn_themes",
"product": {
"product_data": [
{
"product_name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.1.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8db8ed5-ebeb-4102-928f-fe417e429ad2?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8db8ed5-ebeb-4102-928f-fe417e429ad2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.1.4/includes/shortcodes/members.php#L83",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.1.4/includes/shortcodes/members.php#L83"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3084162/#file524",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3084162/#file524"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

105
2024/4xxx/CVE-2024-4695.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "moveaddons",
"product": {
"product_data": [
{
"product_name": "Move Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72662a59-f41c-4df7-aa04-7243ff43c48d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72662a59-f41c-4df7-aa04-7243ff43c48d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/data-table/widget.php#L836",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/data-table/widget.php#L836"
},
{
"url": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/team-member/widget.php#L1464",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/team-member/widget.php#L1464"
},
{
"url": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/event-calendar/widget.php#L932",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/event-calendar/widget.php#L932"
},
{
"url": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/mailchimp/widget.php#L728",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/mailchimp/widget.php#L728"
},
{
"url": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/user-login/widget.php#L1146",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/user-login/widget.php#L1146"
},
{
"url": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/shop-product-grid/widget.php#L1203",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/move-addons/trunk/includes/widgets/shop-product-grid/widget.php#L1203"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3088859/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3088859/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

85
2024/4xxx/CVE-2024-4700.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Table Builder \u2013 WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure WP Table Builder can be extended to contributors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wptb",
"product": {
"product_data": [
{
"product_name": "WP Table Builder \u2013 WordPress Table Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd08ac-826f-40dd-804a-546b0c334b66?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd08ac-826f-40dd-804a-546b0c334b66?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-table-builder/trunk/inc/admin/element-classes/elements/button-element.php#L343",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-table-builder/trunk/inc/admin/element-classes/elements/button-element.php#L343"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3088612/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3088612/"
},
{
"url": "https://wordpress.org/plugins/wp-table-builder/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-table-builder/#developers"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tim Coen"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/5xxx/CVE-2024-5165.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5166.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}