admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-24T20:00:19.296356+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-24 20:03:10 +00:00
parent 0f40258f46
commit 9861a4f9d0
115 changed files with 4714 additions and 505 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2018/CVE-2018-53xx/CVE-2018-5389.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-5389",
"sourceIdentifier": "cret@cert.org",
"published": "2018-09-06T21:29:00.220",
"lastModified": "2019-10-09T23:41:16.953",
"lastModified": "2024-06-24T19:15:11.480",
"vulnStatus": "Modified",
"descriptions": [
{
@ -73,16 +73,6 @@
"value": "CWE-521"
}
]
},
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-323"
}
]
}
],
"configurations": [

20
CVE-2021/CVE-2021-457xx/CVE-2021-45785.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-45785",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T19:15:11.700",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage."
}
],
"metrics": {},
"references": [
{
"url": "https://1d8.github.io/cves/cve_2021_45785/",
"source": "cve@mitre.org"
}
]
}

63
CVE-2022/CVE-2022-380xx/CVE-2022-38055.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-38055",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:10.497",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:12:16.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9."
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de p\u00e1gina web (XSS b\u00e1sico) en gVectors Team wpForo Forum permite la suplantaci\u00f3n de contenido. Este problema afecta a wpForo Forum: desde n/a hasta 2.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "100EAEDA-0A7C-4BC4-878B-20AE94F4BC9C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-9-auth-html-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2022/CVE-2022-402xx/CVE-2022-40225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-40225",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-10T22:15:14.987",
"lastModified": "2024-06-13T18:36:45.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:39:38.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -50,10 +70,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:siplus_tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.8",
"matchCriteriaId": "A2943CE5-AD0E-43FF-B8D5-A07DBC04B7AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "074FDC9C-CB36-4C67-82C8-1B930FF1269F"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-434xx/CVE-2022-43453.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-43453",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:10.870",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:50:15.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through 3.41."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Bill Minozzi WP Tools. Este problema afecta a WP Tools: desde n/a hasta 3.41."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:billminozzi:wp_tools:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.43",
"matchCriteriaId": "92795DE1-6067-43A3-952E-750F691FC27B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wptools/wordpress-wp-tools-plugin-2-51-3-41-auth-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-445xx/CVE-2022-44587.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-44587",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:10.763",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:12:42.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en WP 2FA permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a WP 2FA: desde n/a hasta 2.6.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:melapress:wp_2fa:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.4",
"matchCriteriaId": "89EE231F-4C4B-47A8-80AE-63B982337D79"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2022/CVE-2022-445xx/CVE-2022-44593.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-44593",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:11.013",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:13:16.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1."
},
{
"lang": "es",
"value": "El uso de la vulnerabilidad de fuente menos confiable en SolidWP Solid Security permite HTTP DoS. Este problema afecta a Solid Security: desde n/a hasta 9.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solidwp:solid_security:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "07B13EE4-2B86-43F9-A944-99C50A12D4D1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/better-wp-security/wordpress-solid-security-plugin-9-3-1-ip-spoofing-leading-to-denial-of-service-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-458xx/CVE-2022-45803.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-45803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:11.103",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:51:29.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin \u2013 Gutenberg Forms.This issue affects WordPress Form Builder Plugin \u2013 Gutenberg Forms: from n/a through 2.2.8.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en el complemento Nikolay Strikhar WordPress Form Builder \u2013 Gutenberg Forms. Este problema afecta al complemento WordPress Form Builder \u2013 Gutenberg Forms: desde n/a hasta 2.2.8.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gutenbergforms:gutenberg_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.9",
"matchCriteriaId": "748B8783-2626-4DCB-A5EC-FC26F5BC8433"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/forms-gutenberg/wordpress-gutenberg-forms-plugin-2-2-8-3-auth-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-383xx/CVE-2023-38389.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38389",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:11.310",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:13:48.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n incorrecta en Artbees JupiterX Core permite acceder a una funcionalidad que no est\u00e1 correctamente restringida por las ACL. Este problema afecta a JupiterX Core: desde n/a hasta 3.3.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.8",
"matchCriteriaId": "E5B6F0E2-1DF6-47FD-B24E-5C38EF906D20"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-451xx/CVE-2023-45197.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2023-45197",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-06-21T15:15:15.647",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:11:50.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of \u201c..\u201d to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3."
},
{
"lang": "es",
"value": "El complemento de carga de archivos en Adminer y AdminerEvo permite a un atacante cargar un archivo con un nombre de tabla \"...\" en la ra\u00edz del directorio de Adminer. El atacante puede adivinar efectivamente el nombre del archivo cargado y ejecutarlo. Adminer ya no es compatible, pero este problema se solucion\u00f3 en la versi\u00f3n 4.8.3 de AdminerEvo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
@ -27,10 +64,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adminerevo:adminerevo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.3",
"matchCriteriaId": "DCD7F783-BAAA-4824-AE44-CC5D0FE9D14F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
]
}
]
}

59
CVE-2023/CVE-2023-497xx/CVE-2023-49793.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-49793",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-24T18:15:10.437",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.\nThe attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf",
"source": "security-advisories@github.com"
}
]
}

51
CVE-2023/CVE-2023-513xx/CVE-2023-51375.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-51375",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:11.363",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:52:00.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPDeveloper EmbedPress. Este problema afecta a EmbedPress: desde n/a hasta 3.8.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.8.4",
"matchCriteriaId": "A1119AAF-766A-4F5B-B08C-1057FEFB8BA0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-3-8-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-215xx/CVE-2024-21514.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21514",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-22T05:15:09.637",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:59:16.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:3.0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAF17FE-8983-4CE6-BCFE-A6AA865E8FE2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/blob/3.0.3.9/upload/catalog/model/extension/payment/divido.php%23L114",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Product"
]
},
{
"url": "https://github.com/opencart/opencart/commit/46bd5f5a8056ff9aad0aa7d71729c4cf593d67e2",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-215xx/CVE-2024-21515.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21515",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-22T05:15:10.730",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:58:28.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/commit/c546199e8f100c1f3797a7a9d3cf4db1887399a2",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266573",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-215xx/CVE-2024-21516.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21516",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-22T05:15:10.967",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:57:38.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/commit/c546199e8f100c1f3797a7a9d3cf4db1887399a2",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266576",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-215xx/CVE-2024-21517.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21517",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-22T05:15:11.173",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:56:45.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-215xx/CVE-2024-21518.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21518",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-22T05:15:11.403",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:56:14.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/blob/04c1724370ab02967d3b4f668c1b67771ecf1ff4/upload/admin/controller/marketplace/installer.php%23L383C1-L383C1",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-215xx/CVE-2024-21519.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21519",
"sourceIdentifier": "report@snyk.io",
"published": "2024-06-22T05:15:11.620",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:55:07.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/blob/master/upload/admin/controller/tool/upload.php%23L353",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Broken Link"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-329xx/CVE-2024-32936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32936",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:11.600",
"lastModified": "2024-06-24T14:15:11.600",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-32xx/CVE-2024-3264.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3264",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-06-24T13:15:11.627",
"lastModified": "2024-06-24T13:15:11.627",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-332xx/CVE-2024-33278.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33278",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T14:15:11.687",
"lastModified": "2024-06-24T14:15:11.687",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-336xx/CVE-2024-33687.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33687",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-24T15:15:11.590",
"lastModified": "2024-06-24T15:15:11.590",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-338xx/CVE-2024-33847.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33847",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:11.803",
"lastModified": "2024-06-24T14:15:11.803",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-338xx/CVE-2024-33879.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33879",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T17:15:10.257",
"lastModified": "2024-06-24T17:15:10.257",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-338xx/CVE-2024-33880.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33880",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T17:15:10.353",
"lastModified": "2024-06-24T17:15:10.353",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-338xx/CVE-2024-33881.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33881",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T17:15:10.447",
"lastModified": "2024-06-24T17:15:10.447",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-340xx/CVE-2024-34027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34027",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:11.887",
"lastModified": "2024-06-24T14:15:11.887",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-340xx/CVE-2024-34030.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34030",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:11.977",
"lastModified": "2024-06-24T14:15:11.977",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-352xx/CVE-2024-35247.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35247",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.050",
"lastModified": "2024-06-24T14:15:12.050",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

73
CVE-2024/CVE-2024-355xx/CVE-2024-35537.json
View File

@ -2,19 +2,84 @@
"id": "CVE-2024-35537",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:10.697",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:40:04.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TVS Motor Company Limited TVS Connect Android v4.6.0 e IOS v5.0.0 manejan de forma insegura el par de claves RSA, lo que permite a los atacantes posiblemente acceder a informaci\u00f3n confidencial mediante el descifrado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tvsmotor:tvs_connect:4.6.0:*:*:*:*:android:*:*",
"matchCriteriaId": "B96C6E52-9DDB-4DD2-808D-E0E3A049CE6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tvsmotor:tvs_connect:5.0.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "80CB646A-DE5C-48FA-82C0-0338284141F8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35757.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35757",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:09.250",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:19:01.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through 1.8.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en los complementos de 5 estrellas Easy Age Verify permite XSS Almacenado. Este problema afecta a Easy Age Verify: desde n/a hasta 1.8.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:5starplugins:easy_age_verify:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.3",
"matchCriteriaId": "A7F5928C-A982-4A70-9E7D-07C5F6FE1C0C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-age-verify/wordpress-easy-age-verify-plugin-1-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-357xx/CVE-2024-35758.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35758",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:09.487",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:19:51.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Horse Interface allows Stored XSS.This issue affects Interface: from n/a through 3.1.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Theme Horse Interface permite XSS Almacenado. Este problema afecta a la Interface: desde n/a hasta 3.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themehorse:interface:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.1",
"matchCriteriaId": "6CFA38DC-3106-4154-9920-94DAED06C741"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/interface/wordpress-interface-theme-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35759.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:09.740",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:20:39.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.1.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Job Portal permite XSS Almacenado. Este problema afecta a WP Job Portal: desde n/a hasta 2.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "857E0867-2AD0-4A44-8C60-BCA65E34611C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-1-3-admin-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35760.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:09.977",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:21:04.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.1.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Job Portal permite XSS Almacenado. Este problema afecta a WP Job Portal: desde n/a hasta 2.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "857E0867-2AD0-4A44-8C60-BCA65E34611C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-a-complete-job-board-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35761.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35761",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:10.233",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:21:26.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en vCita Online Booking & Scheduling Calendar para WordPress de vcita permite XSS Almacenado. Este problema afecta a Online Booking & Scheduling Calendar for WordPress by vcita: de n/ a hasta 4.4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar_for_wordpress_by_vcita:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.4.1",
"matchCriteriaId": "0160182F-E5A5-4D21-BE4F-809588561C55"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/meeting-scheduler-by-vcita/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35762.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35762",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:10.460",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:21:47.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through 1.2.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Cryout Creations Serious Slider permite XSS Almacenado. Este problema afecta a Serious Slider: desde n/a hasta 1.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cryoutcreations:serious_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.5",
"matchCriteriaId": "CAB26632-E6D6-4081-8D07-1D5B40F794A7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cryout-serious-slider/wordpress-serious-slider-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-357xx/CVE-2024-35763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35763",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:10.700",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:22:44.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themefreesia:excellent:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "DDAB6769-0F55-4341-A573-37E0814F71EB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/excellent/wordpress-excellent-theme-1-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35764.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:10.950",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:23:24.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Andy Moyle Church Admin permite XSS Almacenado. Este problema afecta a Church Admin: desde n/a hasta 4.4.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.4.5",
"matchCriteriaId": "92E3440F-06E1-4672-BBAF-01DC974FD83C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35766.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:11.183",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:24:15.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through 3.18.13."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en ollybach WPPizza permite el XSS reflejado. Este problema afecta a WPPizza: desde n/a hasta 3.18.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-pizza:wppizza:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.18.14",
"matchCriteriaId": "C73F22EC-019E-4F35-86B3-C7BA46E98C86"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wppizza/wordpress-wppizza-a-restaurant-plugin-plugin-3-18-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35767.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:11.670",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:14:34.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4."
},
{
"lang": "es",
"value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Bogdan Bendziukov Squeeze permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Squeeze: desde n/a hasta 1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squeeze_project:squeeze:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "7D6C7DBA-DCCF-437B-B9EF-EF4070DBCC4F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/squeeze/wordpress-squeeze-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35768.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:11.460",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:24:52.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Live Composer Team Page Builder: Live Composer permite XSS Almacenado. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.42."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livecomposerplugin:live-composer-page-builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.42",
"matchCriteriaId": "253CA218-7FC5-4515-9C35-4FC8B7E4E923"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-42-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35769.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T12:15:10.250",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:45:09.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through 2.5.17."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en John West Slideshow SE permite XSS Almacenado. Este problema afecta a Slideshow SE: desde n/a hasta 2.5.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slideshow_se_project:slideshow_se:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.17",
"matchCriteriaId": "76A01BFC-CB20-4215-ABB4-9DBBB7E070F0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35770.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:11.697",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:25:21.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. Este problema afecta a Vimeography: Vimeo Video Gallery WordPress Plugin: desde n/a hasta 2.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davekiss:vimeography:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.2",
"matchCriteriaId": "1DD11648-5770-4F36-AF54-3A9347CC8A08"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/vimeography/wordpress-vimeography-plugin-2-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35771.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35771",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:11.950",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:25:46.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en presscustomizr Customizr. Este problema afecta a Customizr: desde n/a hasta 4.4.21."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presscustomizr:customizr:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.4.22",
"matchCriteriaId": "076D993D-0708-46C4-ABE3-D1582541BE9F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/customizr/wordpress-customizr-theme-4-4-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35772.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:12.183",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:26:14.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en presscustomizr Hueman. Este problema afecta a Hueman: desde n/a hasta 3.7.24."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presscustomizr:hueman:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.25",
"matchCriteriaId": "902153E0-87F1-4616-B96E-2B5C11F6EDE3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hueman/wordpress-hueman-theme-3-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35774.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35774",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T12:15:10.500",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:43:57.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in D\u2019arteweb DImage 360 allows Stored XSS.This issue affects DImage 360: from n/a through 2.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en D'arteweb DImage 360 permite XSS Almacenado. Este problema afecta a DImage 360: desde n/a hasta 2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:darteweb:dimage_360:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "96710C7D-9508-4744-8B70-70D12D37A473"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dimage-360/wordpress-dimage-360-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-357xx/CVE-2024-35776.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35776",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:12.417",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:49:09.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through 5.0."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Exeebit phpinfo() WP. Este problema afecta a phpinfo() WP: desde n/a hasta 5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exeebit:phpinfo-wp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0",
"matchCriteriaId": "F913FFFB-5D6E-42A7-8B28-CCB4D2331158"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/phpinfo-wp/wordpress-phpinfo-wp-plugin-5-0-unauthenticated-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35778.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35778",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:11.910",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:15:07.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17."
},
{
"lang": "es",
"value": "La limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"Path Traversal\") en John West Slideshow SE permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a Slideshow SE: desde n/a hasta 2.5.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slideshow_se_project:slideshow_se:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.17",
"matchCriteriaId": "76A01BFC-CB20-4215-ABB4-9DBBB7E070F0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35779.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35779",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T12:15:10.747",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:40:26.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Live Composer Team Page Builder: Live Composer permite XSS Almacenado. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.42."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:livecomposerplugin:live-composer-page-builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.42",
"matchCriteriaId": "253CA218-7FC5-4515-9C35-4FC8B7E4E923"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-42-contributor-shortcode-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-357xx/CVE-2024-35781.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-35781",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T16:15:12.153",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:15:58.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1."
},
{
"lang": "es",
"value": "La limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"Path Traversal\") en YAHMAN Word Balloon permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a Word Balloon: desde n/a hasta 4.21.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:back2nature:word_balloon:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.21.1",
"matchCriteriaId": "5C7F2CA7-8945-4955-A019-B6D0DAE49FAF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/word-balloon/wordpress-word-balloon-plugin-4-21-1-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

116
CVE-2024/CVE-2024-362xx/CVE-2024-36288.json
View File

@ -2,47 +2,141 @@
"id": "CVE-2024-36288",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T12:15:10.967",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:39:00.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: SUNRPC: corrigi\u00f3 la condici\u00f3n de terminaci\u00f3n del bucle en gss_free_in_token_pages() La matriz in_token->pages[] no tiene terminaci\u00f3n NULL. Esto da como resultado el siguiente s\u00edmbolo KASAN: KASAN: quiz\u00e1s acceso a memoria salvaje en el rango [0x04a2013400000008-0x04a201340000000f]"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "329978FD-8C0A-434C-8A41-06341C7675F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

100
CVE-2024/CVE-2024-364xx/CVE-2024-36477.json
View File

@ -2,27 +2,115 @@
"id": "CVE-2024-36477",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T12:15:11.040",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:38:40.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer\n\nThe TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the\nmaximum transfer length and the size of the transfer buffer. As such, it\ndoes not account for the 4 bytes of header that prepends the SPI data\nframe. This can result in out-of-bounds accesses and was confirmed with\nKASAN.\n\nIntroduce SPI_HDRSIZE to account for the header and use to allocate the\ntransfer buffer."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tpm_tis_spi: Cuenta para el encabezado SPI al asignar el b\u00fafer de transferencia TPM SPI El mecanismo de transferencia TPM SPI utiliza MAX_SPI_FRAMESIZE para calcular la longitud m\u00e1xima de transferencia y el tama\u00f1o del b\u00fafer de transferencia. Como tal, no tiene en cuenta los 4 bytes del encabezado que antepone el marco de datos SPI. Esto puede resultar en accesos fuera de los l\u00edmites y fue confirmado con KASAN. Introduzca SPI_HDRSIZE para tener en cuenta el encabezado y util\u00edcelo para asignar el b\u00fafer de transferencia."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.0",
"matchCriteriaId": "FF299551-1C36-496E-820D-BB75E2D6E5C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.1",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "6277DEEA-F81C-4E0A-A6D8-AC6163A00A7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1547183852dcdfcc25878db7dd3620509217b0cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/195aba96b854dd664768f382cd1db375d8181f88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de13c56f99477b56980c7e00b09c776d16b7563d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-364xx/CVE-2024-36479.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36479",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.157",
"lastModified": "2024-06-24T14:15:12.157",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

100
CVE-2024/CVE-2024-364xx/CVE-2024-36481.json
View File

@ -2,27 +2,115 @@
"id": "CVE-2024-36481",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T12:15:11.110",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:35:33.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/probes: fix error check in parse_btf_field()\n\nbtf_find_struct_member() might return NULL or an error via the\nERR_PTR() macro. However, its caller in parse_btf_field() only checks\nfor the NULL condition. Fix this by using IS_ERR() and returning the\nerror up the stack."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo/sondas: correcci\u00f3n de verificaci\u00f3n de errores en parse_btf_field() btf_find_struct_member() puede devolver NULL o un error a trav\u00e9s de la macro ERR_PTR(). Sin embargo, su llamador en parse_btf_field() solo verifica la condici\u00f3n NULL. Solucione este problema usando IS_ERR() y devolviendo el error en la pila."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.1",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "6277DEEA-F81C-4E0A-A6D8-AC6163A00A7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ed468edfeb54c7202e559eba74c25fac6a0dad0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad4b202da2c498fefb69e5d87f67b946e7fe1e6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e569eb34970281438e2b48a3ef11c87459fcfbcb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-370xx/CVE-2024-37021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37021",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.237",
"lastModified": "2024-06-24T14:15:12.237",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-370xx/CVE-2024-37026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37026",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.307",
"lastModified": "2024-06-24T14:15:12.307",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-370xx/CVE-2024-37092.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37092",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:10.010",
"lastModified": "2024-06-24T13:15:10.010",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:54.367",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-371xx/CVE-2024-37107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37107",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:10.247",
"lastModified": "2024-06-24T13:15:10.247",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:54.367",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-371xx/CVE-2024-37109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37109",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:10.483",
"lastModified": "2024-06-24T13:15:10.483",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-371xx/CVE-2024-37111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37111",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:10.720",
"lastModified": "2024-06-24T13:15:10.720",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

63
CVE-2024/CVE-2024-371xx/CVE-2024-37118.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-37118",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:12.477",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:55:07.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Uncanny Owl Uncanny Automator Pro. Este problema afecta a Uncanny Automator Pro: desde n/a hasta 5.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uncannyowl:uncanny_automator:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "5.3",
"matchCriteriaId": "F3CFABDF-A604-44E9-8556-1B5C39DA5DAC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/uncanny-automator-pro/wordpress-uncanny-automator-pro-plugin-5-3-cross-site-request-forgery-csrf-leading-to-license-settings-reset-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Not Applicable"
]
}
]
}

61
CVE-2024/CVE-2024-371xx/CVE-2024-37198.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-37198",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:12.667",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:55:25.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en blazethemes Digital Newspaper. Este problema afecta a Digital Newspaper: desde n/a hasta 1.1.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blazethemes:digital_newspaper:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.6",
"matchCriteriaId": "BF363D9A-942E-47CD-84CE-DE1C0E7362C4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/digital-newspaper/wordpress-digital-newspaper-theme-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-372xx/CVE-2024-37212.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-37212",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:12.890",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:55:34.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ali2Woo Ali2Woo Lite. Este problema afecta a Ali2Woo Lite: desde n/a hasta 3.3.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ali2woo:ali2woo:*:*:*:*:lite:wordpress:*:*",
"versionEndIncluding": "3.3.5",
"matchCriteriaId": "191F4381-3D88-4811-B8EB-E8A3A56642B8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ali2woo-lite/wordpress-aliexpress-dropshipping-with-alinext-lite-plugin-3-3-5-csrf-to-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-372xx/CVE-2024-37227.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-37227",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:13.130",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:55:44.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tribulant Newsletters. Este problema afecta a Newsletters: desde n/a hasta 4.9.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.9.8",
"matchCriteriaId": "5806F656-BCAE-4AB9-B899-4F1595118849"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-372xx/CVE-2024-37228.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37228",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:10.947",
"lastModified": "2024-06-24T13:15:10.947",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

51
CVE-2024/CVE-2024-372xx/CVE-2024-37230.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-37230",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T14:15:13.330",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:55:55.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rara Theme Book Landing Page. Este problema afecta a Book Landing Page: desde n/a hasta 1.2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rarathemes:book_landing_page:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.4",
"matchCriteriaId": "BC4354B6-EAFE-4CA1-A773-32EB1466C915"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/book-landing-page/wordpress-book-landing-page-theme-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-372xx/CVE-2024-37231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37231",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:11.177",
"lastModified": "2024-06-24T13:15:11.177",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-372xx/CVE-2024-37233.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37233",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-24T13:15:11.400",
"lastModified": "2024-06-24T13:15:11.400",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

78
CVE-2024/CVE-2024-376xx/CVE-2024-37671.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2024-37671",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:10.867",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:40:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en el producto Tessi Docubase Document Management 5.x permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de p\u00e1gina."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tessi:docubase:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3FCA90-0A8A-4A9D-8613-1C8DA52D6BEE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://docubase.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://tessi.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37671.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-376xx/CVE-2024-37672.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2024-37672",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:10.963",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:41:06.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting en el producto Tessi Docubase Document Management 5.x permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro idactivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tessi:docubase:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3FCA90-0A8A-4A9D-8613-1C8DA52D6BEE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://docubase.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://tessi.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37672.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-376xx/CVE-2024-37673.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2024-37673",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:11.053",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:41:19.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en el producto Tessi Docubase Document Management versi\u00f3n 5.x permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de nombre de archivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tessi:docubase:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3FCA90-0A8A-4A9D-8613-1C8DA52D6BEE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://docubase.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://tessi.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37673.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-376xx/CVE-2024-37675.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2024-37675",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-21T17:15:11.143",
"lastModified": "2024-06-21T19:15:20.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:41:31.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter \"sectionContent\" related to the functionality of adding notes to an uploaded file."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en el producto Tessi Docubase Document Management versi\u00f3n 5.x permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"sectionContent\" relacionado con la funcionalidad de agregar notas a un archivo cargado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tessi:docubase:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3FCA90-0A8A-4A9D-8613-1C8DA52D6BEE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://docubase.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://tessi.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37675.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-376xx/CVE-2024-37677.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-37677",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T19:15:15.527",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dabaizhizhu/123/issues/2",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-376xx/CVE-2024-37679.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-37679",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T19:15:15.617",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., LTd Finnesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dabaizhizhu/123/issues/4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-376xx/CVE-2024-37680.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-37680",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T19:15:15.697",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dabaizhizhu/123/issues/5",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-377xx/CVE-2024-37732.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-37732",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T19:15:15.780",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X",
"source": "cve@mitre.org"
}
]
}

4
CVE-2024/CVE-2024-378xx/CVE-2024-37825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37825",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T14:15:12.430",
"lastModified": "2024-06-24T14:15:12.430",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-383xx/CVE-2024-38369.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38369",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-24T17:15:10.593",
"lastModified": "2024-06-24T17:15:10.593",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-383xx/CVE-2024-38373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38373",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-24T17:15:10.830",
"lastModified": "2024-06-24T17:15:10.830",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-383xx/CVE-2024-38384.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38384",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.547",
"lastModified": "2024-06-24T14:15:12.547",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

133
CVE-2024/CVE-2024-386xx/CVE-2024-38662.json
View File

@ -2,39 +2,154 @@
"id": "CVE-2024-38662",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T12:15:11.180",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:34:17.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don't intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: permitir la eliminaci\u00f3n de sockmap/sockhash solo si se permite la actualizaci\u00f3n. Hemos visto una afluencia de informes de syzkaller donde un programa BPF adjunto a un punto de seguimiento desencadena una violaci\u00f3n de la regla de bloqueo al realizar un map_delete en un mapa de calcetines/sockhash. No pretendemos apoyar este escenario de uso artificial. Ampl\u00ede la verificaci\u00f3n de tipo de programa permitido del verificador existente para actualizar sockmap/sockhash para cubrir tambi\u00e9n la eliminaci\u00f3n de un mapa. De ahora en adelante, s\u00f3lo los programas BPF a los que anteriormente se les permit\u00eda actualizar sockmap/sockhash pueden eliminar de estos tipos de mapas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "5311C980-4CDF-4C10-8875-F04ED0F03398"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "E2AB5A01-EFFD-4A24-8CCB-4A016C8C4BB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "7446FC33-DC4F-4D31-94B5-FB577CFA66F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "53BC60D9-65A5-4D8F-96C8-149F09214DBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-386xx/CVE-2024-38663.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38663",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.630",
"lastModified": "2024-06-24T14:15:12.630",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-386xx/CVE-2024-38664.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38664",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.707",
"lastModified": "2024-06-24T14:15:12.707",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-386xx/CVE-2024-38667.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38667",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.790",
"lastModified": "2024-06-24T14:15:12.790",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

165
CVE-2024/CVE-2024-387xx/CVE-2024-38780.json
View File

@ -2,47 +2,190 @@
"id": "CVE-2024-38780",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T12:15:11.253",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:17:28.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don't enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf/sw-sync: no habilitar IRQ desde sync_print_obj() Desde el commit a6aa8fca4d79 (\"dma-buf/sw-sync: reducir irqsave/irqrestore desde el contexto conocido\" ) por error reemplaz\u00f3 spin_unlock_irqrestore() con spin_unlock_irq() tanto para sync_debugfs_show() como para sync_print_obj() a pesar de que sync_print_obj() se llama desde sync_debugfs_show(), lockdep se queja de una advertencia de estado de bloqueo inconsistente. Utilice spin_{lock,unlock}() simple para sync_print_obj(), ya que sync_debugfs_show() ya est\u00e1 usando spin_{lock,unlock}_irq()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14",
"matchCriteriaId": "B315D019-A13E-4F3D-A112-34814763334F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19",
"versionEndExcluding": "4.19.316",
"matchCriteriaId": "34445C8D-D7E6-4796-B792-C9257E89257B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "8E2371B0-4787-4038-B526-021D4CF93B31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "5311C980-4CDF-4C10-8875-F04ED0F03398"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "E2AB5A01-EFFD-4A24-8CCB-4A016C8C4BB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "7446FC33-DC4F-4D31-94B5-FB577CFA66F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "53BC60D9-65A5-4D8F-96C8-149F09214DBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

126
CVE-2024/CVE-2024-392xx/CVE-2024-39277.json
View File

@ -2,35 +2,145 @@
"id": "CVE-2024-39277",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-21T12:15:11.330",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:17:48.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: handle NUMA_NO_NODE correctly\n\ncpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()\nresulting in the following sanitizer report:\n\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type 'cpumask [64][1]'\nCPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n <TASK>\ndump_stack_lvl (lib/dump_stack.c:117)\nubsan_epilogue (lib/ubsan.c:232)\n__ubsan_handle_out_of_bounds (lib/ubsan.c:429)\ncpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]\ndo_map_benchmark (kernel/dma/map_benchmark.c:104)\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:246)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nUse cpumask_of_node() in place when binding a kernel thread to a cpuset\nof a particular node.\n\nNote that the provided node id is checked inside map_benchmark_ioctl().\nIt's just a NUMA_NO_NODE case which is not handled properly later.\n\nFound by Linux Verification Center (linuxtesting.org)."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-mapping: benchmark: maneja NUMA_NO_NODE correctamente. Se puede llamar a cpumask_of_node() para NUMA_NO_NODE dentro de do_map_benchmark(), lo que genera el siguiente informe de sanitizaci\u00f3n: UBSAN: array-index-out-of- Los l\u00edmites en ./arch/x86/include/asm/topology.h:72:28 el \u00edndice -1 est\u00e1n fuera del rango para el tipo 'cpumask [64][1]' CPU: 1 PID: 990 Comm: dma_map_benchma No contaminado 6.9. 0-rc6 #29 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996) Seguimiento de llamadas: dump_stack_lvl (lib/dump_stack.c:117) ubsan_epilogue (lib/ubsan.c:232) __ubsan_handle_out_of_bounds (lib/ubsan. c:429) cpumask_of_node (arch/x86/include/asm/topology.h:72) [en l\u00ednea] do_map_benchmark (kernel/dma/map_benchmark.c:104) map_benchmark_ioctl (kernel/dma/map_benchmark.c:246) full_proxy_unlocked_ioctl (fs /debugfs/file.c:333) __x64_sys_ioctl (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Utilice cpumask_of_node( ) en su lugar al vincular un subproceso del kernel a un cpuset de un nodo en particular. Tenga en cuenta que la identificaci\u00f3n del nodo proporcionada se verifica dentro de map_benchmark_ioctl(). Es s\u00f3lo un caso NUMA_NO_NODE que no se maneja adecuadamente m\u00e1s adelante. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11",
"matchCriteriaId": "89EC14A5-9B15-472C-A870-D93968B329AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "E2AB5A01-EFFD-4A24-8CCB-4A016C8C4BB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "7446FC33-DC4F-4D31-94B5-FB577CFA66F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "53BC60D9-65A5-4D8F-96C8-149F09214DBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.4",
"matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

4
CVE-2024/CVE-2024-392xx/CVE-2024-39291.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39291",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.863",
"lastModified": "2024-06-24T14:15:12.863",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-392xx/CVE-2024-39292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39292",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-24T14:15:12.943",
"lastModified": "2024-06-24T14:15:12.943",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2024/CVE-2024-44xx/CVE-2024-4477.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-4477",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-21T06:15:12.347",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:34:12.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting"
},
{
"lang": "es",
"value": "El complemento WP Logs Book WordPress hasta la versi\u00f3n 1.0.1 no sanitiza ni escapa algunos de sus datos de registro antes de devolverlos a un panel de administraci\u00f3n, lo que genera un Cross-Site Scripting Almacenado no autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:onetarek:wp_logs_book:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "6741B07F-84FB-4D46-815E-275BBAD5D6B4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-46xx/CVE-2024-4616.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-4616",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-21T06:15:12.427",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:34:00.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users"
},
{
"lang": "es",
"value": "El complemento Widget Bundle de WordPress hasta la versi\u00f3n 2.0.0 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera un Cross-Site Scripting Reflejado que podr\u00eda usarse solo contra usuarios no autenticados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devnath_verma:widget_bundle:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "BE45C4D0-99DA-495C-A032-A329C38D5963"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d203bf3b-aee9-4755-b429-d6bbdd940890/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-47xx/CVE-2024-4748.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4748",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-06-24T14:15:13.030",
"lastModified": "2024-06-24T14:15:13.030",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:35.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2024/CVE-2024-47xx/CVE-2024-4755.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-4755",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-21T06:15:12.507",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:31:03.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Google CSE WordPress hasta la versi\u00f3n 1.0.7 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erikeng:google_cse:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.7",
"matchCriteriaId": "FFDB6E6C-5D13-47A8-9A87-EF3094CA1671"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/adc6ea6d-29d8-4ad0-b0db-2540e8b3f9a9/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-48xx/CVE-2024-4839.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4839",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-24T13:15:11.900",
"lastModified": "2024-06-24T13:15:11.900",
"vulnStatus": "Received",
"lastModified": "2024-06-24T19:26:47.037",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

64
CVE-2024/CVE-2024-48xx/CVE-2024-4874.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4874",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-22T05:15:11.837",
"lastModified": "2024-06-24T12:57:36.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:41:12.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.9",
"matchCriteriaId": "07E03076-E07E-4943-A79F-E3FD5CE283E0"
}
]
}
]
}
],
"references": [
{
"url": "https://bricksbuilder.io/release/bricks-1-9-9/#access-control-fix-for-user-role-contributor",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-49xx/CVE-2024-4969.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-4969",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-21T06:15:12.587",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:30:53.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento Widget Bundle de WordPress hasta la versi\u00f3n 2.0.0 no tiene comprobaciones CSRF al registrar widgets, lo que podr\u00eda permitir a los atacantes habilitar/deshabilitar los widgets del administrador registrado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devnath_verma:widget_bundle:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "BE45C4D0-99DA-495C-A032-A329C38D5963"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/1a7ec5dc-eda4-4fed-9df9-f41d2b937fed/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-49xx/CVE-2024-4970.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-4970",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-21T06:15:12.670",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:30:39.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Widget Bundle de WordPress hasta la versi\u00f3n 2.0.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devnath_verma:widget_bundle:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "BE45C4D0-99DA-495C-A032-A329C38D5963"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/4a9fc352-7ec2-4992-9cda-7bdca4f42788/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-50xx/CVE-2024-5058.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-5058",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T12:15:11.443",
"lastModified": "2024-06-21T15:58:51.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T19:18:35.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WPDeveloper Typing Text permite XSS Almacenado. Este problema afecta a Typing Text: desde n/a hasta 1.2.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:typing_text:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.6",
"matchCriteriaId": "3AEBE339-1429-45D5-80F6-6FC12D86000D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/typing-text/wordpress-typing-text-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-50xx/CVE-2024-5059.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-5059",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-21T13:15:12.727",
"lastModified": "2024-06-21T15:58:38.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-24T18:49:29.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en A WP Life Event Management Tickets Booking. Este problema afecta a Event Management Tickets Booking: desde n/a hasta 1.4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awplife:event_monster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.0",
"matchCriteriaId": "8B2AB4C2-3AC7-4A9D-B8AA-20C72EA37E19"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-4-0-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-51xx/CVE-2024-5191.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2024-5191",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-21T07:15:10.420",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:25:23.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Branda \u2013 White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mime_types\u2019 parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Branda \u2013 White Label WordPress, Custom Login Page Customizer para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'mime_types' en todas las versiones hasta la 3.4.17 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmudev:branda:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.18",
"matchCriteriaId": "FABF85B8-0B1C-4050-BE76-254B421DA27F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.17/inc/modules/utilities/images.php#L58",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3104910/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f4bad5-3a11-42c6-a336-6bd178ab5113?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-54xx/CVE-2024-5447.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-5447",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-21T06:15:12.757",
"lastModified": "2024-06-21T11:22:01.687",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-24T19:27:17.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode de WordPress hasta la versi\u00f3n 1.7 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenadoincluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mohsinrasool:paypal_pay_now\\,_buy_now\\,_donation_and_cart_buttons_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "A28078A9-0A0F-4191-8C1C-54BE39B0EF6C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/a692b869-1666-42d1-b56d-dfcccd68ab67/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More