admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-11T16:00:23.615313+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-11 16:03:15 +00:00
parent 2873a6ef44
commit 19d00c4517
80 changed files with 3686 additions and 372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CVE-2019/CVE-2019-250xx/CVE-2019-25038.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-25038",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-04-27T06:15:07.643",
"lastModified": "2024-05-17T01:36:38.603",
"lastModified": "2024-06-11T15:15:52.423",
"vulnStatus": "Modified",
"descriptions": [
{

2
CVE-2020/CVE-2020-214xx/CVE-2020-21468.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-21468",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-09-20T16:15:09.507",
"lastModified": "2024-05-17T01:45:12.040",
"lastModified": "2024-06-11T15:15:52.617",
"vulnStatus": "Modified",
"descriptions": [
{

2
CVE-2021/CVE-2021-335xx/CVE-2021-33558.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33558",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-27T11:15:07.373",
"lastModified": "2024-05-17T01:57:59.320",
"lastModified": "2024-06-11T15:15:52.823",
"vulnStatus": "Modified",
"descriptions": [
{

2
CVE-2021/CVE-2021-33xx/CVE-2021-3349.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3349",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-01T05:15:11.880",
"lastModified": "2024-05-17T02:00:23.467",
"lastModified": "2024-06-11T15:15:52.970",
"vulnStatus": "Modified",
"descriptions": [
{

54
CVE-2022/CVE-2022-402xx/CVE-2022-40225.json
View File

@ -2,14 +2,58 @@
"id": "CVE-2022-40225",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-10T22:15:14.987",
"lastModified": "2023-11-07T03:52:13.127",
"vulnStatus": "Rejected",
"lastModified": "2024-06-11T15:15:53.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
"value": "A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cause a denial of service condition on affected devices."
},
{
"lang": "es",
"value": "**RECHAZADA** NO UTILICE ESTE N\u00daMERO DE CANDIDATO. ID de consulta: ninguno. Motivo: Este candidato fue retirado por su CNA. Una investigaci\u00f3n m\u00e1s exhaustiva demostr\u00f3 que no se trataba de un problema de seguridad. Notas: ninguna."
}
],
"metrics": {},
"references": []
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-681"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-237xx/CVE-2023-23775.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23775",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:15:53.723",
"lastModified": "2024-06-11T15:15:53.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in\u00a0SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR\u00a07.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-448",
"source": "psirt@fortinet.com"
}
]
}

2
CVE-2023/CVE-2023-269xx/CVE-2023-26980.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26980",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-14T13:15:07.937",
"lastModified": "2024-05-17T02:21:21.540",
"lastModified": "2024-06-11T15:15:53.983",
"vulnStatus": "Modified",
"descriptions": [
{

2
CVE-2023/CVE-2023-460xx/CVE-2023-46052.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46052",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T06:15:10.403",
"lastModified": "2024-05-17T02:29:59.510",
"lastModified": "2024-06-11T15:15:54.980",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

55
CVE-2023/CVE-2023-467xx/CVE-2023-46720.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-46720",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:15:55.087",
"lastModified": "2024-06-11T15:15:55.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-514xx/CVE-2023-51498.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-51498",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:15:55.470",
"lastModified": "2024-06-11T15:15:55.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-shipping-canada-post/wordpress-woocommerce-canada-post-shipping-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-521xx/CVE-2023-52183.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-52183",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T14:15:10.227",
"lastModified": "2024-06-11T14:15:10.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-migration-duplicator/wordpress-wordpress-backup-migration-plugin-1-4-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-521xx/CVE-2023-52199.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-52199",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:15:55.737",
"lastModified": "2024-06-11T15:15:55.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/activitypub/wordpress-activitypub-plugin-1-0-5-unauthenticated-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

14
CVE-2024/CVE-2024-206xx/CVE-2024-20666.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20666",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:50.057",
"lastModified": "2024-01-14T22:46:45.707",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:56.487",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-206xx/CVE-2024-20672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20672",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:50.243",
"lastModified": "2024-01-14T22:48:45.253",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:56.723",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-206xx/CVE-2024-20673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20673",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:47.557",
"lastModified": "2024-02-22T15:29:57.733",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:56.927",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"configurations": [

12
CVE-2024/CVE-2024-206xx/CVE-2024-20674.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-20674",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:50.473",
"lastModified": "2024-05-28T21:16:12.367",
"lastModified": "2024-06-11T15:15:57.087",
"vulnStatus": "Modified",
"descriptions": [
{
@ -48,6 +48,16 @@
"value": "CWE-290"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-206xx/CVE-2024-20675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20675",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-11T21:15:13.073",
"lastModified": "2024-01-18T19:14:08.637",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:57.287",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-206xx/CVE-2024-20699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20699",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:53.490",
"lastModified": "2024-01-14T21:57:27.553",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:58.073",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [

59
CVE-2024/CVE-2024-20xx/CVE-2024-2011.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2011",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T14:15:11.050",
"lastModified": "2024-06-11T14:15:11.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that\nif exploited will generally lead to a denial of service but can be used \nto execute arbitrary code, which is usually outside the scope of a\nprogram's implicit security policy"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
},
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}

55
CVE-2024/CVE-2024-20xx/CVE-2024-2012.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2012",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T14:15:11.273",
"lastModified": "2024-06-11T14:15:11.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}

55
CVE-2024/CVE-2024-20xx/CVE-2024-2013.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2013",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T14:15:11.503",
"lastModified": "2024-06-11T14:15:11.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}

14
CVE-2024/CVE-2024-213xx/CVE-2024-21304.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21304",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:48.233",
"lastModified": "2024-02-27T18:04:06.027",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:58.253",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21305",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:53.940",
"lastModified": "2024-01-12T18:48:04.967",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:58.433",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21306",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:54.120",
"lastModified": "2024-01-12T18:47:54.860",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:58.640",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21326",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.010",
"lastModified": "2024-01-31T20:10:24.203",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:59.227",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21336.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21336",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T18:15:12.040",
"lastModified": "2024-01-31T21:08:30.463",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:15:59.553",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-357"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21351",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:51.333",
"lastModified": "2024-03-07T17:48:52.180",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:00.303",
"vulnStatus": "Modified",
"cisaExploitAdd": "2024-02-13",
"cisaActionDue": "2024-03-05",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -52,6 +52,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21382.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21382",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.187",
"lastModified": "2024-01-31T20:10:16.277",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:01.580",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-942"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21383",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.367",
"lastModified": "2024-01-31T20:09:22.623",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:01.720",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21385.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21385",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.540",
"lastModified": "2024-01-31T20:09:14.593",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:01.877",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21387.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21387",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.703",
"lastModified": "2024-01-31T20:08:28.943",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:02.047",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-357"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21388",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-30T18:15:48.140",
"lastModified": "2024-02-06T18:21:15.953",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:02.170",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-213xx/CVE-2024-21399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21399",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-02T01:15:08.970",
"lastModified": "2024-02-09T03:00:47.227",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:02.503",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-214xx/CVE-2024-21412.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21412",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:59.903",
"lastModified": "2024-03-07T17:48:58.173",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:02.980",
"vulnStatus": "Modified",
"cisaExploitAdd": "2024-02-13",
"cisaActionDue": "2024-03-05",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -52,6 +52,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-214xx/CVE-2024-21423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21423",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-23T22:15:54.717",
"lastModified": "2024-02-26T13:42:22.567",
"lastModified": "2024-06-11T15:16:03.297",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21423",

55
CVE-2024/CVE-2024-217xx/CVE-2024-21754.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-21754",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:16:03.433",
"lastModified": "2024-06-11T15:16:03.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a\u00a0privileged attacker with super-admin profile and CLI access to decrypting the backup file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-916"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2024/CVE-2024-231xx/CVE-2024-23110.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23110",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:16:03.707",
"lastModified": "2024-06-11T15:16:03.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-460",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2024/CVE-2024-231xx/CVE-2024-23111.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23111",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:16:03.957",
"lastModified": "2024-06-11T15:16:03.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a\u00a0privileged attacker with super-admin profile and CLI access to decrypting the backup file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2024/CVE-2024-247xx/CVE-2024-24703.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24703",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:04.197",
"lastModified": "2024-06-11T15:16:04.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dc-woocommerce-multi-vendor/wordpress-multivendorx-plugin-4-1-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

47
CVE-2024/CVE-2024-250xx/CVE-2024-25095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25095",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T19:18:45.170",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:28:47.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeparrots:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.9.0",
"matchCriteriaId": "0D22135E-A1C8-4889-94E5-63749B16560A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/yikes-inc-easy-mailchimp-extender/wordpress-easy-forms-for-mailchimp-plugin-6-8-10-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26010.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26010",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:16:04.473",
"lastModified": "2024-06-11T15:16:04.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036",
"source": "psirt@fortinet.com"
}
]
}

14
CVE-2024/CVE-2024-261xx/CVE-2024-26188.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26188",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-23T23:15:09.790",
"lastModified": "2024-02-26T13:42:22.567",
"lastModified": "2024-06-11T15:16:04.713",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-357"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26188",

14
CVE-2024/CVE-2024-261xx/CVE-2024-26192.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26192",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-23T23:15:09.960",
"lastModified": "2024-02-26T13:42:22.567",
"lastModified": "2024-06-11T15:16:04.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -38,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-359"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192",

14
CVE-2024/CVE-2024-261xx/CVE-2024-26196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26196",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-21T02:52:16.643",
"lastModified": "2024-04-01T15:23:59.877",
"vulnStatus": "Analyzed",
"lastModified": "2024-06-11T15:16:04.943",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,6 +48,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-259"
}
]
}
],
"configurations": [

59
CVE-2024/CVE-2024-280xx/CVE-2024-28021.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-28021",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T14:15:10.587",
"lastModified": "2024-06-11T14:15:10.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an at\u0002tacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
},
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}

55
CVE-2024/CVE-2024-280xx/CVE-2024-28023.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-28023",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2024-06-11T14:15:10.803",
"lastModified": "2024-06-11T14:15:10.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive infor\u0002mation or even execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-259"
}
]
}
],
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true",
"source": "cybersecurity@hitachienergy.com"
}
]
}

82
CVE-2024/CVE-2024-281xx/CVE-2024-28103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28103",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T20:15:10.237",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T15:27:55.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +80,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndExcluding": "6.1.7.8",
"matchCriteriaId": "D2C17A69-A50E-4AB4-B607-CB917EB6B944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.8.4",
"matchCriteriaId": "1998127B-0A85-41FB-A20C-EAEBBB0BE534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.1.3.4",
"matchCriteriaId": "EEC8C716-9842-478E-B714-06C0DD1CDB1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:7.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5B5E3A5F-5ACA-4A9C-A934-BB8AEB639D3B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

475
CVE-2024/CVE-2024-291xx/CVE-2024-29152.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29152",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T19:19:07.620",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T15:14:57.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -38,10 +58,459 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF6C91D-DECE-4630-85FE-C22EF2B9160A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87FE8214-E165-4874-BB5A-3C4298708039"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16D9272E-1794-48FF-B6A4-8F48395BA38E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "932F5FB3-5527-44D7-9DD9-EF03963E3CA3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1896BFF-D709-481B-AD4F-37D1A8B30C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6748EF2-3C63-41CD-B3D1-4B3FEC614B40"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06B60F97-1320-44F5-970C-BBA29F375524"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72419735-076A-4E72-869F-0C7D801371C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F66A096-7BA3-47D6-98F4-879C3A4C1FFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE202894-D48A-4B9E-B3BD-28529967A0B3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_auto_t5123_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F27BAE-A171-42BF-BAC5-90922780525A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_auto_t5123:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1895B4-8B31-492E-B4D8-4DC5130C536A"
}
]
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-304xx/CVE-2024-30484.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30484",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T19:19:24.800",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:54:57.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:risethemes:rt_easy_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "E7E83515-282E-42A6-985D-29A9CDAF9BCB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rt-easy-builder-advanced-addons-for-elementor/wordpress-rt-easy-builder-plugin-2-0-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-305xx/CVE-2024-30525.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30525",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T20:15:10.780",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T15:22:30.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moveaddons:move_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "6189F804-2AA9-427A-9ADE-B53C2C65D877"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/move-addons/wordpress-move-addons-for-elementor-plugin-1-2-9-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-305xx/CVE-2024-30528.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30528",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T20:15:11.010",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T15:20:20.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spiffyplugins:spiffy_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.9.11",
"matchCriteriaId": "3AFDB5F9-DC96-4AC5-B0D1-B99DC8136659"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-10-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-314xx/CVE-2024-31495.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31495",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-11T15:16:05.697",
"lastModified": "2024-06-11T15:16:05.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-128",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2024/CVE-2024-321xx/CVE-2024-32148.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-32148",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:05.933",
"lastModified": "2024-06-11T15:16:05.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pardot/wordpress-pardot-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

68
CVE-2024/CVE-2024-324xx/CVE-2024-32464.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32464",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T20:15:11.247",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T15:24:13.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,14 +84,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.1.3.4",
"matchCriteriaId": "EEC8C716-9842-478E-B714-06C0DD1CDB1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rubyonrails:rails:7.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5B5E3A5F-5ACA-4A9C-A934-BB8AEB639D3B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-344xx/CVE-2024-34442.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34442",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T14:15:11.803",
"lastModified": "2024-06-11T14:15:11.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wedocs/wordpress-wedocs-plugin-2-1-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

47
CVE-2024/CVE-2024-347xx/CVE-2024-34759.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T19:20:03.167",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:27:17.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:videowhisper:picture_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.12",
"matchCriteriaId": "E7F12AAA-02C9-4C19-B285-25B870EC9442"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/picture-gallery/wordpress-picture-gallery-plugin-1-5-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-348xx/CVE-2024-34820.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34820",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:06.550",
"lastModified": "2024-06-11T15:16:06.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/if-so/wordpress-if-so-dynamic-content-personalization-plugin-1-7-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-348xx/CVE-2024-34826.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34826",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:06.803",
"lastModified": "2024-06-11T15:16:06.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler: from n/a through 1.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-styler/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-351xx/CVE-2024-35168.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35168",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:07.043",
"lastModified": "2024-06-11T15:16:07.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-discourse/wordpress-wp-discourse-plugin-2-5-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

75
CVE-2024/CVE-2024-352xx/CVE-2024-35235.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2024-35235",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-11T15:16:07.473",
"lastModified": "2024-06-11T15:16:07.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-252"
},
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/11/1",
"source": "security-advisories@github.com"
},
{
"url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-356xx/CVE-2024-35628.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35628",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:07.840",
"lastModified": "2024-06-11T15:16:07.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.24."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-23-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-356xx/CVE-2024-35663.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35663",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:08.077",
"lastModified": "2024-06-11T15:16:08.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-translate/wordpress-wp-translate-plugin-5-3-0-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-356xx/CVE-2024-35665.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35665",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:08.350",
"lastModified": "2024-06-11T15:16:08.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/insert-post-ads/wordpress-insert-post-ads-plugin-1-3-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-356xx/CVE-2024-35667.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35667",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T15:16:08.613",
"lastModified": "2024-06-11T15:16:08.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-easycart/wordpress-shopping-cart-ecommerce-store-plugin-5-5-19-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2024/CVE-2024-356xx/CVE-2024-35670.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35670",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T19:20:08.777",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:32:50.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softlabbd:integrate_google_drive:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.94",
"matchCriteriaId": "34F911DB-004F-4F97-BD0A-91DBED7EC537"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-93-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-356xx/CVE-2024-35671.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35671",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T14:15:12.223",
"lastModified": "2024-06-11T14:15:12.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mj-update-history/wordpress-mj-update-history-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

47
CVE-2024/CVE-2024-356xx/CVE-2024-35672.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T19:20:08.967",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:21:04.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netgsm:netgsm:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.16",
"matchCriteriaId": "CF0256E4-E507-49B7-8AFF-8680DF0E7E8F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-9-16-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-356xx/CVE-2024-35683.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-35683",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-11T14:15:12.453",
"lastModified": "2024-06-11T14:15:12.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-31-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

76
CVE-2024/CVE-2024-366xx/CVE-2024-36604.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36604",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T19:20:13.927",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:24:17.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "Se descubri\u00f3 que Tenda O3V2 v1.0.0.12(3880) conten\u00eda una inyecci\u00f3n de comando ciego a trav\u00e9s del par\u00e1metro stpEn en la funci\u00f3n SetStp. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios con privilegios de root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tendacn:o3v2_firmware:1.0.0.12\\(3880\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FE79D8D6-A7C9-4E9E-B719-23B3CF80DA95"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tendacn:o3v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "810F3C10-B6FE-4DA8-9AE9-2B130F3E4F1E"
}
]
}
]
}
],
"references": [
{
"url": "https://exzettabyte.me/blind-command-injection-in-stp-service-on-tenda-o3v2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-368xx/CVE-2024-36857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36857",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T19:20:14.060",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:13:14.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 que Jan v0.4.12 conten\u00eda una vulnerabilidad de lectura de archivos arbitraria a trav\u00e9s de la interfaz /v1/app/readFileSync."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:homebrew:jan:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70BA6868-01BA-4A87-9D68-A66DB9DCCABF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HackAllSec/CVEs/tree/main/Jan%20AFR%20vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-368xx/CVE-2024-36858.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36858",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T19:20:14.150",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:12:39.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en la interfaz /v1/app/writeFileSync de Jan v0.4.12 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:homebrew:jan:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70BA6868-01BA-4A87-9D68-A66DB9DCCABF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-371xx/CVE-2024-37161.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-37161",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-11T15:16:09.153",
"lastModified": "2024-06-11T15:16:09.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-372xx/CVE-2024-37273.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37273",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T19:20:15.363",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-11T14:12:23.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en la interfaz /v1/app/appendFileSync de Jan v0.4.12 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:homebrew:jan:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70BA6868-01BA-4A87-9D68-A66DB9DCCABF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-372xx/CVE-2024-37294.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-37294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-11T15:16:09.467",
"lastModified": "2024-06-11T15:16:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-270"
}
]
}
],
"references": [
{
"url": "https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-372xx/CVE-2024-37295.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-37295",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-11T15:16:09.710",
"lastModified": "2024-06-11T15:16:09.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c",
"source": "security-advisories@github.com"
}
]
}

79
CVE-2024/CVE-2024-372xx/CVE-2024-37296.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2024-37296",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-11T15:16:09.963",
"lastModified": "2024-06-11T15:16:09.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-841"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7",
"source": "security-advisories@github.com"
}
]
}

51
CVE-2024/CVE-2024-51xx/CVE-2024-5189.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-5189",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-11T14:15:12.847",
"lastModified": "2024-06-11T14:15:12.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_js\u2019 parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.21/includes/Classes/Asset_Builder.php#L264",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3099937/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa70238b-530e-4c90-82f4-c3113887d0e1?source=cve",
"source": "security@wordfence.com"
}
]
}

2
CVE-2024/CVE-2024-58xx/CVE-2024-5829.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-5829",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-11T11:15:49.847",
"lastModified": "2024-06-11T13:54:12.057",
"lastModified": "2024-06-11T14:15:13.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

110
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-11T14:01:08.847525+00:00
2024-06-11T16:00:23.615313+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-11T13:54:12.057000+00:00
2024-06-11T15:27:55+00:00
```
### Last Data Feed Release
@ -33,69 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
253438
253471
```
### CVEs added in the last Commit
Recently added CVEs: `31`
Recently added CVEs: `33`
- [CVE-2024-35207](CVE-2024/CVE-2024-352xx/CVE-2024-35207.json) (`2024-06-11T12:15:16.600`)
- [CVE-2024-35208](CVE-2024/CVE-2024-352xx/CVE-2024-35208.json) (`2024-06-11T12:15:16.923`)
- [CVE-2024-35209](CVE-2024/CVE-2024-352xx/CVE-2024-35209.json) (`2024-06-11T12:15:17.157`)
- [CVE-2024-35210](CVE-2024/CVE-2024-352xx/CVE-2024-35210.json) (`2024-06-11T12:15:17.397`)
- [CVE-2024-35211](CVE-2024/CVE-2024-352xx/CVE-2024-35211.json) (`2024-06-11T12:15:17.643`)
- [CVE-2024-35212](CVE-2024/CVE-2024-352xx/CVE-2024-35212.json) (`2024-06-11T12:15:17.897`)
- [CVE-2024-35292](CVE-2024/CVE-2024-352xx/CVE-2024-35292.json) (`2024-06-11T12:15:18.150`)
- [CVE-2024-35303](CVE-2024/CVE-2024-353xx/CVE-2024-35303.json) (`2024-06-11T12:15:18.413`)
- [CVE-2024-36266](CVE-2024/CVE-2024-362xx/CVE-2024-36266.json) (`2024-06-11T12:15:18.657`)
- [CVE-2024-5687](CVE-2024/CVE-2024-56xx/CVE-2024-5687.json) (`2024-06-11T13:15:50.260`)
- [CVE-2024-5688](CVE-2024/CVE-2024-56xx/CVE-2024-5688.json) (`2024-06-11T13:15:50.347`)
- [CVE-2024-5689](CVE-2024/CVE-2024-56xx/CVE-2024-5689.json) (`2024-06-11T13:15:50.480`)
- [CVE-2024-5690](CVE-2024/CVE-2024-56xx/CVE-2024-5690.json) (`2024-06-11T13:15:50.553`)
- [CVE-2024-5691](CVE-2024/CVE-2024-56xx/CVE-2024-5691.json) (`2024-06-11T13:15:50.690`)
- [CVE-2024-5692](CVE-2024/CVE-2024-56xx/CVE-2024-5692.json) (`2024-06-11T13:15:50.770`)
- [CVE-2024-5693](CVE-2024/CVE-2024-56xx/CVE-2024-5693.json) (`2024-06-11T13:15:50.850`)
- [CVE-2024-5694](CVE-2024/CVE-2024-56xx/CVE-2024-5694.json) (`2024-06-11T13:15:50.933`)
- [CVE-2024-5695](CVE-2024/CVE-2024-56xx/CVE-2024-5695.json) (`2024-06-11T13:15:51.017`)
- [CVE-2024-5696](CVE-2024/CVE-2024-56xx/CVE-2024-5696.json) (`2024-06-11T13:15:51.100`)
- [CVE-2024-5697](CVE-2024/CVE-2024-56xx/CVE-2024-5697.json) (`2024-06-11T13:15:51.177`)
- [CVE-2024-5698](CVE-2024/CVE-2024-56xx/CVE-2024-5698.json) (`2024-06-11T13:15:51.257`)
- [CVE-2024-5699](CVE-2024/CVE-2024-56xx/CVE-2024-5699.json) (`2024-06-11T13:15:51.333`)
- [CVE-2024-5700](CVE-2024/CVE-2024-57xx/CVE-2024-5700.json) (`2024-06-11T13:15:51.417`)
- [CVE-2024-5701](CVE-2024/CVE-2024-57xx/CVE-2024-5701.json) (`2024-06-11T13:15:51.493`)
- [CVE-2024-5702](CVE-2024/CVE-2024-57xx/CVE-2024-5702.json) (`2024-06-11T13:15:51.573`)
- [CVE-2024-21754](CVE-2024/CVE-2024-217xx/CVE-2024-21754.json) (`2024-06-11T15:16:03.433`)
- [CVE-2024-23110](CVE-2024/CVE-2024-231xx/CVE-2024-23110.json) (`2024-06-11T15:16:03.707`)
- [CVE-2024-23111](CVE-2024/CVE-2024-231xx/CVE-2024-23111.json) (`2024-06-11T15:16:03.957`)
- [CVE-2024-24703](CVE-2024/CVE-2024-247xx/CVE-2024-24703.json) (`2024-06-11T15:16:04.197`)
- [CVE-2024-26010](CVE-2024/CVE-2024-260xx/CVE-2024-26010.json) (`2024-06-11T15:16:04.473`)
- [CVE-2024-28021](CVE-2024/CVE-2024-280xx/CVE-2024-28021.json) (`2024-06-11T14:15:10.587`)
- [CVE-2024-28023](CVE-2024/CVE-2024-280xx/CVE-2024-28023.json) (`2024-06-11T14:15:10.803`)
- [CVE-2024-31495](CVE-2024/CVE-2024-314xx/CVE-2024-31495.json) (`2024-06-11T15:16:05.697`)
- [CVE-2024-32148](CVE-2024/CVE-2024-321xx/CVE-2024-32148.json) (`2024-06-11T15:16:05.933`)
- [CVE-2024-34442](CVE-2024/CVE-2024-344xx/CVE-2024-34442.json) (`2024-06-11T14:15:11.803`)
- [CVE-2024-34820](CVE-2024/CVE-2024-348xx/CVE-2024-34820.json) (`2024-06-11T15:16:06.550`)
- [CVE-2024-34826](CVE-2024/CVE-2024-348xx/CVE-2024-34826.json) (`2024-06-11T15:16:06.803`)
- [CVE-2024-35168](CVE-2024/CVE-2024-351xx/CVE-2024-35168.json) (`2024-06-11T15:16:07.043`)
- [CVE-2024-35235](CVE-2024/CVE-2024-352xx/CVE-2024-35235.json) (`2024-06-11T15:16:07.473`)
- [CVE-2024-35628](CVE-2024/CVE-2024-356xx/CVE-2024-35628.json) (`2024-06-11T15:16:07.840`)
- [CVE-2024-35663](CVE-2024/CVE-2024-356xx/CVE-2024-35663.json) (`2024-06-11T15:16:08.077`)
- [CVE-2024-35665](CVE-2024/CVE-2024-356xx/CVE-2024-35665.json) (`2024-06-11T15:16:08.350`)
- [CVE-2024-35667](CVE-2024/CVE-2024-356xx/CVE-2024-35667.json) (`2024-06-11T15:16:08.613`)
- [CVE-2024-35671](CVE-2024/CVE-2024-356xx/CVE-2024-35671.json) (`2024-06-11T14:15:12.223`)
- [CVE-2024-35683](CVE-2024/CVE-2024-356xx/CVE-2024-35683.json) (`2024-06-11T14:15:12.453`)
- [CVE-2024-37161](CVE-2024/CVE-2024-371xx/CVE-2024-37161.json) (`2024-06-11T15:16:09.153`)
- [CVE-2024-37294](CVE-2024/CVE-2024-372xx/CVE-2024-37294.json) (`2024-06-11T15:16:09.467`)
- [CVE-2024-37295](CVE-2024/CVE-2024-372xx/CVE-2024-37295.json) (`2024-06-11T15:16:09.710`)
- [CVE-2024-37296](CVE-2024/CVE-2024-372xx/CVE-2024-37296.json) (`2024-06-11T15:16:09.963`)
- [CVE-2024-5189](CVE-2024/CVE-2024-51xx/CVE-2024-5189.json) (`2024-06-11T14:15:12.847`)
### CVEs modified in the last Commit
Recently modified CVEs: `140`
Recently modified CVEs: `45`
- [CVE-2024-36306](CVE-2024/CVE-2024-363xx/CVE-2024-36306.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36307](CVE-2024/CVE-2024-363xx/CVE-2024-36307.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36358](CVE-2024/CVE-2024-363xx/CVE-2024-36358.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36359](CVE-2024/CVE-2024-363xx/CVE-2024-36359.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36360](CVE-2024/CVE-2024-363xx/CVE-2024-36360.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36418](CVE-2024/CVE-2024-364xx/CVE-2024-36418.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36419](CVE-2024/CVE-2024-364xx/CVE-2024-36419.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36471](CVE-2024/CVE-2024-364xx/CVE-2024-36471.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-36473](CVE-2024/CVE-2024-364xx/CVE-2024-36473.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37130](CVE-2024/CVE-2024-371xx/CVE-2024-37130.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37166](CVE-2024/CVE-2024-371xx/CVE-2024-37166.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37168](CVE-2024/CVE-2024-371xx/CVE-2024-37168.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37169](CVE-2024/CVE-2024-371xx/CVE-2024-37169.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37176](CVE-2024/CVE-2024-371xx/CVE-2024-37176.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37177](CVE-2024/CVE-2024-371xx/CVE-2024-37177.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37178](CVE-2024/CVE-2024-371xx/CVE-2024-37178.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-3723](CVE-2024/CVE-2024-37xx/CVE-2024-3723.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-37289](CVE-2024/CVE-2024-372xx/CVE-2024-37289.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-4266](CVE-2024/CVE-2024-42xx/CVE-2024-4266.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-4319](CVE-2024/CVE-2024-43xx/CVE-2024-4319.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-5090](CVE-2024/CVE-2024-50xx/CVE-2024-5090.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-5530](CVE-2024/CVE-2024-55xx/CVE-2024-5530.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-5531](CVE-2024/CVE-2024-55xx/CVE-2024-5531.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-5584](CVE-2024/CVE-2024-55xx/CVE-2024-5584.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-5829](CVE-2024/CVE-2024-58xx/CVE-2024-5829.json) (`2024-06-11T13:54:12.057`)
- [CVE-2024-21383](CVE-2024/CVE-2024-213xx/CVE-2024-21383.json) (`2024-06-11T15:16:01.720`)
- [CVE-2024-21385](CVE-2024/CVE-2024-213xx/CVE-2024-21385.json) (`2024-06-11T15:16:01.877`)
- [CVE-2024-21387](CVE-2024/CVE-2024-213xx/CVE-2024-21387.json) (`2024-06-11T15:16:02.047`)
- [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-06-11T15:16:02.170`)
- [CVE-2024-21399](CVE-2024/CVE-2024-213xx/CVE-2024-21399.json) (`2024-06-11T15:16:02.503`)
- [CVE-2024-21412](CVE-2024/CVE-2024-214xx/CVE-2024-21412.json) (`2024-06-11T15:16:02.980`)
- [CVE-2024-21423](CVE-2024/CVE-2024-214xx/CVE-2024-21423.json) (`2024-06-11T15:16:03.297`)
- [CVE-2024-25095](CVE-2024/CVE-2024-250xx/CVE-2024-25095.json) (`2024-06-11T14:28:47.063`)
- [CVE-2024-26188](CVE-2024/CVE-2024-261xx/CVE-2024-26188.json) (`2024-06-11T15:16:04.713`)
- [CVE-2024-26192](CVE-2024/CVE-2024-261xx/CVE-2024-26192.json) (`2024-06-11T15:16:04.830`)
- [CVE-2024-26196](CVE-2024/CVE-2024-261xx/CVE-2024-26196.json) (`2024-06-11T15:16:04.943`)
- [CVE-2024-28103](CVE-2024/CVE-2024-281xx/CVE-2024-28103.json) (`2024-06-11T15:27:55.000`)
- [CVE-2024-29152](CVE-2024/CVE-2024-291xx/CVE-2024-29152.json) (`2024-06-11T15:14:57.847`)
- [CVE-2024-30484](CVE-2024/CVE-2024-304xx/CVE-2024-30484.json) (`2024-06-11T14:54:57.570`)
- [CVE-2024-30525](CVE-2024/CVE-2024-305xx/CVE-2024-30525.json) (`2024-06-11T15:22:30.403`)
- [CVE-2024-30528](CVE-2024/CVE-2024-305xx/CVE-2024-30528.json) (`2024-06-11T15:20:20.633`)
- [CVE-2024-32464](CVE-2024/CVE-2024-324xx/CVE-2024-32464.json) (`2024-06-11T15:24:13.467`)
- [CVE-2024-34759](CVE-2024/CVE-2024-347xx/CVE-2024-34759.json) (`2024-06-11T14:27:17.887`)
- [CVE-2024-35670](CVE-2024/CVE-2024-356xx/CVE-2024-35670.json) (`2024-06-11T14:32:50.147`)
- [CVE-2024-35672](CVE-2024/CVE-2024-356xx/CVE-2024-35672.json) (`2024-06-11T14:21:04.210`)
- [CVE-2024-36604](CVE-2024/CVE-2024-366xx/CVE-2024-36604.json) (`2024-06-11T14:24:17.413`)
- [CVE-2024-36857](CVE-2024/CVE-2024-368xx/CVE-2024-36857.json) (`2024-06-11T14:13:14.437`)
- [CVE-2024-36858](CVE-2024/CVE-2024-368xx/CVE-2024-36858.json) (`2024-06-11T14:12:39.667`)
- [CVE-2024-37273](CVE-2024/CVE-2024-372xx/CVE-2024-37273.json) (`2024-06-11T14:12:23.210`)
- [CVE-2024-5829](CVE-2024/CVE-2024-58xx/CVE-2024-5829.json) (`2024-06-11T14:15:13.150`)
## Download and Usage

463
_state.csv
View File

File diff suppressed because it is too large Load Diff