admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-03T00:55:25.394205+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-03 00:55:29 +00:00
parent b78dbabadc
commit 0a010ab794
54 changed files with 3175 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2021/CVE-2021-336xx/CVE-2021-33630.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-02-02T18:15:31.877",
"lastModified": "2024-02-03T00:15:43.983",
"vulnStatus": "Modified",
"descriptions": [
{
@ -132,6 +132,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/6",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/9",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c",
"source": "securities@openeuler.org"

6
CVE-2021/CVE-2021-336xx/CVE-2021-33631.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33631",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.860",
"lastModified": "2024-02-02T18:15:31.977",
"lastModified": "2024-02-03T00:15:44.090",
"vulnStatus": "Modified",
"descriptions": [
{
@ -146,6 +146,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/6",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/9",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8",
"source": "securities@openeuler.org",

74
CVE-2023/CVE-2023-518xx/CVE-2023-51840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51840",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.100",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:29:48.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "DoraCMS 2.1.8 es vulnerable al uso de claves criptogr\u00e1ficas codificadas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:html-js:doracms:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFA2258-7C76-482B-8076-AAD87B371A21"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/doramart/DoraCMS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/doramart/DoraCMS/issues/262",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51840.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52188.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52188",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:09.040",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:39:01.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.This issue affects Footer Putter: from n/a through 1.17.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Russell Jamieson Footer Putter permite XSS almacenado. Este problema afecta a Footer Putter: desde n/a hasta 1.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:russelljamieson:footer_putter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.17",
"matchCriteriaId": "92083DF9-98E3-4832-AF67-743378B8A798"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-521xx/CVE-2023-52189.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52189",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:09.343",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:38:48.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Jhayghost Ideal Interactive Map permite XSS almacenado. Este problema afecta a Ideal Interactive Map: desde n/a hasta 1.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jhayghost:ideal_interactive_map:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.4",
"matchCriteriaId": "0117D403-BA64-4888-8766-64F6B792F3D6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ideal-interactive-map/wordpress-ideal-interactive-map-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-63xx/CVE-2023-6390.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-6390",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.467",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:28:00.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento WordPress Users de WordPress hasta la versi\u00f3n 1.4 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jonathonkemp:wordpress_users:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.0",
"matchCriteriaId": "BAD7A4FF-4673-4B38-A6A0-36D8063E3751"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/2023-6390.txt",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://wpscan.com/vulnerability/a0ca68d3-f885-46c9-9f6b-b77ad387d25d/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-63xx/CVE-2023-6391.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-6391",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.520",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:52:28.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento de WordPress Custom User CSS hasta la versi\u00f3n 0.2 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeremiahorem:custom_user_css:*:*:*:*:*:*:wordpress:*",
"versionEndIncluding": "0.2",
"matchCriteriaId": "09EB473C-7523-4F5B-90D1-66E9BB66A0E5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6391.txt",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/4098b18d-6ff3-462c-af05-48adb6599cf3/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-65xx/CVE-2023-6503.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-6503",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.587",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:27:48.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento de WordPress WP Plugin Lister hasta la versi\u00f3n 2.1.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador registrado agregue payloads XSS almacenados a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paulgriffinpetty:wp_plugin_lister:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "AB271BC2-C10E-41B8-B8E3-41CBEEE0BBA8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6503.txt",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/0d95de23-e8f6-4342-b19c-57cd22b2fee2/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-65xx/CVE-2023-6530.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-6530",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.637",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:50:49.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento de WordPress TJ Shortcodes hasta la versi\u00f3n 0.1.3 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:theme-junkie:tj_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.1.3",
"matchCriteriaId": "83719B3C-3BCE-4422-8D58-B86E31B82366"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://research.cleantalk.org/cve-2023-6530-tj-shortcodes-stored-xss-poc/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-66xx/CVE-2023-6633.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-6633",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.687",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:49:18.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks"
},
{
"lang": "es",
"value": "El complemento de WordPress Site Notes hasta la versi\u00f3n 2.0.0 no tiene comprobaciones CSRF en algunas de sus funcionalidades, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas, como eliminar notas administrativas, a trav\u00e9s de ataques CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sidenotesproject:side_notes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "3C1A562A-2BF1-4173-B8DF-BA9D2733ADCD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/eb983d82-b894-41c5-b51f-94d4bba3ba39/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-69xx/CVE-2023-6946.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-6946",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.740",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:24:34.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento Autotitle para WordPress hasta la versi\u00f3n 1.0.3 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unalignedcode:autotitle:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "18F0CB66-4F24-432F-A67C-8CD4626E5A94"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-6946",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/54a00416-c7e3-44f3-8dd2-ed9e748055e6/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-70xx/CVE-2023-7074.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-7074",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.793",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:27:20.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento de WordPress WP SOCIAL BOOKMARK MENU hasta la versi\u00f3n 1.2 no tiene activada la verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n los cambie mediante un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:giovambattistafazioli:wp_social_bookmark_menu:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "B8A6D24D-C693-4382-8C4E-21ABAA326029"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://magos-securitas.com/txt/CVE-2023-7074.txt",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/7906c349-97b0-4d82-aef0-97a1175ae88e/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-70xx/CVE-2023-7089.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-7089",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.840",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:27:31.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads."
},
{
"lang": "es",
"value": "El complemento Easy SVG Allow de WordPress hasta la versi\u00f3n 1.0 no sanitiza los archivos SVG cargados, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como Autor cargar un SVG malicioso que contenga payloads XSS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benjaminzekavica:easy_svg_support:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "EE962879-BBDE-4FCF-B192-C164E564A454"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/3b8ba734-7764-4ab6-a7e2-8de55bd46bed/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-71xx/CVE-2023-7199.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-7199",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.897",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:24:17.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request"
},
{
"lang": "es",
"value": "Los complementos Relevanssi de WordPress anterior a 4.22.0 y Relevanssi Premium de WordPress anterior a 2.25.0 permite a cualquier usuario no autenticado leer borradores y publicaciones privadas a trav\u00e9s de una solicitud manipulada"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.25.0",
"matchCriteriaId": "2B407843-FBDD-441A-95AD-F2502DFF3E3E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Patch"
]
}
]
}

80
CVE-2024/CVE-2024-05xx/CVE-2024-0589.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2024-0589",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-01-31T13:15:10.567",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:19:14.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de cross site scripting (XSS) en la pesta\u00f1a de descripci\u00f3n general de la entrada en Devolutions Remote Desktop Manager 2023.3.36 y versiones anteriores en Windows permite a un atacante con acceso a una fuente de datos inyectar un script malicioso a trav\u00e9s de un input especialmente manipulado en una entrada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.3.36.0",
"matchCriteriaId": "874D527D-63AD-47F1-8E42-11F73744DA26"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0001/",
"source": "security@devolutions.net"
"source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-10xx/CVE-2024-1026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1026",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T01:15:59.693",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:28:11.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,14 +95,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*",
"matchCriteriaId": "A101648E-3E32-4D66-B5FE-CECFFA2DEDED"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252293",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252293",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-10xx/CVE-2024-1029.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T06:15:45.633",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:28:20.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,14 +95,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*",
"matchCriteriaId": "A101648E-3E32-4D66-B5FE-CECFFA2DEDED"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252302",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252302",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-11xx/CVE-2024-1113.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1113",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T20:15:45.140",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:39:08.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en openBI hasta 1.0.8 y clasificada como cr\u00edtica. Esto afecta la funci\u00f3n uploadUnity del archivo /application/index/controller/Unity.php. La manipulaci\u00f3n del argumento file conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252471."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/hPSx8li8LFfJ",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252471",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252471",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-11xx/CVE-2024-1114.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1114",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T20:15:45.367",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:39:15.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en openBI hasta 1.0.8 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n dlfile del archivo /application/index/controller/Screen.php. La manipulaci\u00f3n del argumento fileUrl conduce a controles de acceso inadecuados. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252472."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/9wv48TygKRxo",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252472",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252472",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-11xx/CVE-2024-1115.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1115",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T20:15:45.590",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:39:20.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en openBI hasta 1.0.8. Ha sido clasificada como cr\u00edtica. La funci\u00f3n index del archivo /application/plugins/controller/Upload.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252474 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/81JmiyogcYL7",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252473",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252473",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-11xx/CVE-2024-1116.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1116",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T20:15:45.807",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:39:25.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en openBI hasta 1.0.8. Ha sido clasificada como cr\u00edtica. La funci\u00f3n index del archivo /application/plugins/controller/Upload.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252474 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/uCElTQRGWVyw",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252474",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252474",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-11xx/CVE-2024-1117.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1117",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T21:15:08.500",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:39:47.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en openBI hasta 1.0.8. Ha sido declarada cr\u00edtica. La funci\u00f3n index del archivo /application/index/controller/Screen.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fileurl conduce a la inyecci\u00f3n de c\u00f3digo. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252475."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "80906DC4-0662-4638-876F-3E5B228116EF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/Liu1nbjddxu4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252475",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252475",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-11xx/CVE-2024-1196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T22:15:25.997",
"lastModified": "2024-02-02T22:15:25.997",
"vulnStatus": "Received",
"lastModified": "2024-02-03T00:07:59.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

84
CVE-2024/CVE-2024-11xx/CVE-2024-1197.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2024-1197",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T23:15:08.420",
"lastModified": "2024-02-03T00:07:57.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252695",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252695",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-11xx/CVE-2024-1198.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1198",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-03T00:15:44.220",
"lastModified": "2024-02-03T00:15:44.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/qFXZZfp1NLa3",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252696",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252696",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-11xx/CVE-2024-1199.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1199",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-03T00:15:44.447",
"lastModified": "2024-02-03T00:15:44.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \\employee-tasks-php\\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://docs.qq.com/doc/DYnhIWEdkZXViTXdD",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252697",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252697",
"source": "cna@vuldb.com"
}
]
}

51
CVE-2024/CVE-2024-217xx/CVE-2024-21750.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-21750",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:11.880",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:41:15.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Scribit Shortcodes Finder permite XSS reflejado. Este problema afecta a Shortcodes Finder: desde n/a hasta 1.5.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:scribit:shortcodes_finder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.5",
"matchCriteriaId": "6C47010F-D73A-4950-A2B8-EACAB61CB308"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcodes-finder/wordpress-shortcodes-finder-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-221xx/CVE-2024-22140.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22140",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T14:15:49.653",
"lastModified": "2024-01-31T14:28:47.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:18:43.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cozmoslabs Profile Builder Pro. Este problema afecta a Profile Builder Pro: desde n/a hasta 3.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.10.0",
"matchCriteriaId": "AFFF2152-4BE0-4896-978B-DDF6AD396A5F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-csrf-leading-to-account-takeover-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-221xx/CVE-2024-22143.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22143",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T13:15:11.093",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:24:07.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Spell Check. Este problema afecta a WP Spell Check: desde n/a hasta 9.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpspellcheck:wpspellcheck:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.17",
"matchCriteriaId": "7F6096A0-4048-46A9-B0F2-F70EA2BE0E02"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-spell-check/wordpress-wp-spell-check-plugin-9-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-221xx/CVE-2024-22148.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22148",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:12.223",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:30:56.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Smart Editor JoomUnited permite XSS reflejado. Este problema afecta a JoomUnited: desde n/a hasta 1.3.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomunited:wp-smart-editor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.3",
"matchCriteriaId": "37D9AD7D-71ED-4878-AC8E-2562CB9B11FC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-smart-editor/wordpress-wp-smart-editor-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-222xx/CVE-2024-22285.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22285",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T13:15:11.307",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:22:41.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.This issue affects Frontpage Manager: from n/a through 1.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Elise Bosse Frontpage Manager. Este problema afecta a Frontpage Manager: desde n/a hasta 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elisebosse:frontpage_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3",
"matchCriteriaId": "58B489C8-0CDE-4B4D-B2E2-B3B81A5B6BC3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/frontpage-manager/wordpress-frontpage-manager-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-222xx/CVE-2024-22291.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22291",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T13:15:11.500",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:22:08.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Marco Milesi Browser Theme Color. Este problema afecta a Browser Theme Color: desde n/a hasta 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:marcomilesi:browser_theme_color:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3",
"matchCriteriaId": "25CAF588-86B1-44D3-AAE0-23C08B3C19EC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/browser-theme-color/wordpress-browser-theme-color-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-223xx/CVE-2024-22304.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22304",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T13:15:11.690",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:21:59.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.This issue affects FreshMail For WordPress: from n/a through 2.3.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Borbis Media FreshMail para WordPress. Este problema afecta a FreshMail para WordPress: desde n/a hasta 2.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:borbis:freshmail_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.2",
"matchCriteriaId": "B635D748-7FA1-4F02-A9B2-1C0C2321C835"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-224xx/CVE-2024-22430.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22430",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-01T10:15:12.533",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:30:48.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.\n\n"
},
{
"lang": "es",
"value": "Dell PowerScale OneFS versiones 8.2.x a 9.6.0.x contiene una vulnerabilidad de permisos predeterminados incorrectos. Un usuario malintencionado local con privilegios bajos podr\u00eda explotar esta vulnerabilidad y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "9.6.1",
"matchCriteriaId": "D76B2773-3D7B-4F59-BD4C-04D612D63EFF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-224xx/CVE-2024-22449.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22449",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-01T10:15:12.890",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:30:30.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.\n\n"
},
{
"lang": "es",
"value": "Dell PowerScale OneFS versiones 9.0.0.x a 9.6.0.x contiene una autenticaci\u00f3n faltante para una vulnerabilidad de funci\u00f3n cr\u00edtica. Un usuario malicioso local con pocos privilegios podr\u00eda explotar esta vulnerabilidad para obtener acceso elevado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.6.1",
"matchCriteriaId": "4CF9CC24-C248-47D2-B817-BFC142A51649"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-225xx/CVE-2024-22570.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.420",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:32:46.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Una vulnerabilidad de cross site scripting (XSS) almacenado en /install.php?m=install&c=index&a=step3 de GreenCMS v2.3 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:njtech:greencms:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7271D633-9BD0-4E2B-BA69-E732E3E19D43"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Num-Nine/CVE/issues/11",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

64
CVE-2024/CVE-2024-226xx/CVE-2024-22643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22643",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:07.950",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:28:40.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en SEO Panel versi\u00f3n 4.10.0 permite a atacantes remotos realizar restablecimientos de contrase\u00f1as de usuarios no autorizados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22643",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-226xx/CVE-2024-22646.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22646",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.027",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:28:48.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Existe una vulnerabilidad de enumeraci\u00f3n de direcciones de correo electr\u00f3nico en la funci\u00f3n de restablecimiento de contrase\u00f1a de SEO Panel versi\u00f3n 4.10.0. Esto permite a un atacante adivinar qu\u00e9 correos electr\u00f3nicos existen en el sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22646",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-226xx/CVE-2024-22647.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22647",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.103",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:29:11.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se encontr\u00f3 una vulnerabilidad de enumeraci\u00f3n de usuarios en SEO Panel 4.10.0. Este problema ocurre durante la autenticaci\u00f3n del usuario, donde una diferencia en los mensajes de error podr\u00eda permitir a un atacante determinar si un nombre de usuario es v\u00e1lido o no, lo que permitir\u00eda un ataque de fuerza bruta con nombres de usuario v\u00e1lidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22648",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T07:15:08.200",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:29:29.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Existe una vulnerabilidad de Blind SSRF en la funcionalidad \"Crawl Meta Data\" de SEO Panel versi\u00f3n 4.10.0. Esto hace posible que atacantes remotos escaneen puertos en el entorno local."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350449E5-46CB-44C7-B30E-CCC406D4C097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22648",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-228xx/CVE-2024-22860.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22860",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T06:15:48.430",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:38:02.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente jpegxl_anim_read_packet en el decodificador de animaci\u00f3n JPEG XL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

64
CVE-2024/CVE-2024-228xx/CVE-2024-22861.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22861",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T07:15:07.603",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:38:20.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s del m\u00f3dulo avcodec/osq."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

69
CVE-2024/CVE-2024-228xx/CVE-2024-22862.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22862",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T06:15:48.477",
"lastModified": "2024-01-29T14:25:30.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:38:28.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Vulnerabilidad de desbordamiento de enteros en FFmpeg anterior a n6.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de JJPEG XL Parser."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"matchCriteriaId": "54E3D89D-E427-413B-A8E1-C9ED6D2409F3"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62113",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/FFmpeg/FFmpeg/commit/ca09d8a0dcd82e3128e62463231296aaf63ae6f7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

74
CVE-2024/CVE-2024-229xx/CVE-2024-22938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22938",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T01:16:00.077",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:30:37.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "La vulnerabilidad de permisos inseguros en BossCMS v.1.3.0 permite a un atacante local ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de la funci\u00f3n init en el componente admin.class.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosscms:bosscms:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700607F2-A251-4B79-B171-EA976C32A8B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/n0Sleeper/bosscmsVuln",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/n0Sleeper/bosscmsVuln/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.bosscms.net/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

68
CVE-2024/CVE-2024-240xx/CVE-2024-24059.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-24059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T14:15:56.230",
"lastModified": "2024-02-01T18:52:12.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:40:43.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files."
},
{
"lang": "es",
"value": "springboot-manager v1.6 es vulnerable a la carga arbitraria de archivos. El sistema no filtra los sufijos de los archivos cargados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#2-file-upload-vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-240xx/CVE-2024-24060.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-24060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T14:15:56.283",
"lastModified": "2024-02-01T18:52:09.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:40:48.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user."
},
{
"lang": "es",
"value": "springboot-manager v1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /sys/user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-240xx/CVE-2024-24061.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-24061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T14:15:56.333",
"lastModified": "2024-02-01T18:52:07.677",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:40:50.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add."
},
{
"lang": "es",
"value": "springboot-manager v1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /sysContent/add."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#13-stored-cross-site-scripting-syscontentadd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-240xx/CVE-2024-24062.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-24062",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T14:15:56.380",
"lastModified": "2024-02-01T18:52:05.193",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-03T00:40:52.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role."
},
{
"lang": "es",
"value": "springboot-manager v1.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de /sys/role."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2EA983-4032-48C6-987F-7B09397F2E38"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#12-stored-cross-site-scripting-sysrole",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-241xx/CVE-2024-24134.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24134",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T19:15:08.940",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-03T00:29:40.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Sourcecodester Online Food Menu 1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de los campos 'Menu Name' y 'Description' en la secci\u00f3n Update Menu."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rems:online_food_menu:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90AFB5DB-217A-48FC-A899-D06F90AD3C82"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/2024_Online_Food_Menu_XSS/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-241xx/CVE-2024-24136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24136",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.467",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:32:58.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "El campo 'Your Name' en la secci\u00f3n Submit Score de Sourcecodester Math Game con Leaderboard v1.0 es vulnerable a ataques de Cross-Site Scripting (XSS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:math_game:1.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "89267872-5FB2-4157-90A3-8CD6FCB1DFF6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/2024_Math_Game_XSS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-241xx/CVE-2024-24139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24139",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.517",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:36:37.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "El sistema de inicio de sesi\u00f3n Sourcecodester Login System with Email Verification 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'user'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:login_system_with_email_verification:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B9B4D9-046F-4057-BED8-0AC09160C899"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/Login_System_with_Email_Verification_SQL_Injection/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-241xx/CVE-2024-24140.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24140",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.557",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:36:15.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La aplicaci\u00f3n Sourcecodester Daily Habit Tracker 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'tracker'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:daily_habit_tracker:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90CBBC5D-B0F2-4BC3-8306-984E7B239BE7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-241xx/CVE-2024-24141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24141",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T20:15:15.600",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T23:36:54.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La aplicaci\u00f3n Sourcecodester School Task Manager 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'task'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:school_task_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "912FFDF4-5A9C-4E91-AD6F-3AA762CE409E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BurakSevben/School-Task-Manager-System-SQLi-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

51
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-02T23:00:24.138974+00:00
2024-02-03T00:55:25.394205+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-02T22:15:25.997000+00:00
2024-02-03T00:41:15.460000+00:00
```
### Last Data Feed Release
@ -29,32 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237486
237489
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `3`
* [CVE-2024-1193](CVE-2024/CVE-2024-11xx/CVE-2024-1193.json) (`2024-02-02T21:15:08.113`)
* [CVE-2024-1194](CVE-2024/CVE-2024-11xx/CVE-2024-1194.json) (`2024-02-02T21:15:08.413`)
* [CVE-2024-23553](CVE-2024/CVE-2024-235xx/CVE-2024-23553.json) (`2024-02-02T21:15:08.647`)
* [CVE-2024-1195](CVE-2024/CVE-2024-11xx/CVE-2024-1195.json) (`2024-02-02T22:15:25.757`)
* [CVE-2024-1196](CVE-2024/CVE-2024-11xx/CVE-2024-1196.json) (`2024-02-02T22:15:25.997`)
* [CVE-2024-1197](CVE-2024/CVE-2024-11xx/CVE-2024-1197.json) (`2024-02-02T23:15:08.420`)
* [CVE-2024-1198](CVE-2024/CVE-2024-11xx/CVE-2024-1198.json) (`2024-02-03T00:15:44.220`)
* [CVE-2024-1199](CVE-2024/CVE-2024-11xx/CVE-2024-1199.json) (`2024-02-03T00:15:44.447`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `50`
* [CVE-2023-37527](CVE-2023/CVE-2023-375xx/CVE-2023-37527.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-1186](CVE-2024/CVE-2024-11xx/CVE-2024-1186.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-23635](CVE-2024/CVE-2024-236xx/CVE-2024-23635.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-24560](CVE-2024/CVE-2024-245xx/CVE-2024-24560.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-1187](CVE-2024/CVE-2024-11xx/CVE-2024-1187.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-1188](CVE-2024/CVE-2024-11xx/CVE-2024-1188.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-1189](CVE-2024/CVE-2024-11xx/CVE-2024-1189.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-1190](CVE-2024/CVE-2024-11xx/CVE-2024-1190.json) (`2024-02-02T21:13:53.920`)
* [CVE-2024-22304](CVE-2024/CVE-2024-223xx/CVE-2024-22304.json) (`2024-02-03T00:21:59.163`)
* [CVE-2024-22291](CVE-2024/CVE-2024-222xx/CVE-2024-22291.json) (`2024-02-03T00:22:08.697`)
* [CVE-2024-22285](CVE-2024/CVE-2024-222xx/CVE-2024-22285.json) (`2024-02-03T00:22:41.607`)
* [CVE-2024-22143](CVE-2024/CVE-2024-221xx/CVE-2024-22143.json) (`2024-02-03T00:24:07.510`)
* [CVE-2024-1026](CVE-2024/CVE-2024-10xx/CVE-2024-1026.json) (`2024-02-03T00:28:11.273`)
* [CVE-2024-1029](CVE-2024/CVE-2024-10xx/CVE-2024-1029.json) (`2024-02-03T00:28:20.230`)
* [CVE-2024-22643](CVE-2024/CVE-2024-226xx/CVE-2024-22643.json) (`2024-02-03T00:28:40.073`)
* [CVE-2024-22646](CVE-2024/CVE-2024-226xx/CVE-2024-22646.json) (`2024-02-03T00:28:48.987`)
* [CVE-2024-22647](CVE-2024/CVE-2024-226xx/CVE-2024-22647.json) (`2024-02-03T00:29:11.063`)
* [CVE-2024-22648](CVE-2024/CVE-2024-226xx/CVE-2024-22648.json) (`2024-02-03T00:29:29.850`)
* [CVE-2024-24134](CVE-2024/CVE-2024-241xx/CVE-2024-24134.json) (`2024-02-03T00:29:40.210`)
* [CVE-2024-22449](CVE-2024/CVE-2024-224xx/CVE-2024-22449.json) (`2024-02-03T00:30:30.737`)
* [CVE-2024-22938](CVE-2024/CVE-2024-229xx/CVE-2024-22938.json) (`2024-02-03T00:30:37.107`)
* [CVE-2024-22430](CVE-2024/CVE-2024-224xx/CVE-2024-22430.json) (`2024-02-03T00:30:48.593`)
* [CVE-2024-22148](CVE-2024/CVE-2024-221xx/CVE-2024-22148.json) (`2024-02-03T00:30:56.520`)
* [CVE-2024-1113](CVE-2024/CVE-2024-11xx/CVE-2024-1113.json) (`2024-02-03T00:39:08.927`)
* [CVE-2024-1114](CVE-2024/CVE-2024-11xx/CVE-2024-1114.json) (`2024-02-03T00:39:15.057`)
* [CVE-2024-1115](CVE-2024/CVE-2024-11xx/CVE-2024-1115.json) (`2024-02-03T00:39:20.790`)
* [CVE-2024-1116](CVE-2024/CVE-2024-11xx/CVE-2024-1116.json) (`2024-02-03T00:39:25.920`)
* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-02-03T00:39:47.597`)
* [CVE-2024-24059](CVE-2024/CVE-2024-240xx/CVE-2024-24059.json) (`2024-02-03T00:40:43.793`)
* [CVE-2024-24060](CVE-2024/CVE-2024-240xx/CVE-2024-24060.json) (`2024-02-03T00:40:48.600`)
* [CVE-2024-24061](CVE-2024/CVE-2024-240xx/CVE-2024-24061.json) (`2024-02-03T00:40:50.623`)
* [CVE-2024-24062](CVE-2024/CVE-2024-240xx/CVE-2024-24062.json) (`2024-02-03T00:40:52.877`)
* [CVE-2024-21750](CVE-2024/CVE-2024-217xx/CVE-2024-21750.json) (`2024-02-03T00:41:15.460`)
## Download and Usage