admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-27T15:00:31.814574+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-27 15:03:20 +00:00
parent 78e8a5635e
commit b53233b946
82 changed files with 4520 additions and 386 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
CVE-2021/CVE-2021-305xx/CVE-2021-30560.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-30560",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2021-08-03T19:15:08.127",
"lastModified": "2023-10-31T15:15:08.450",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:45:52.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -127,6 +127,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -157,7 +186,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-23",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2022/dsa-5216",

51
CVE-2022/CVE-2022-429xx/CVE-2022-42915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42915",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-29T20:15:09.700",
"lastModified": "2023-11-07T03:53:41.050",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:59:29.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -239,6 +239,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -267,15 +296,27 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202212-01",

51
CVE-2022/CVE-2022-429xx/CVE-2022-42916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42916",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-29T02:15:09.047",
"lastModified": "2023-11-07T03:53:41.300",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:59:02.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -115,6 +115,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -151,15 +180,27 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202212-01",

35
CVE-2022/CVE-2022-435xx/CVE-2022-43551.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-43551",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-23T15:15:15.777",
"lastModified": "2023-10-20T18:57:25.710",
"lastModified": "2024-03-27T14:58:37.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la verificaci\u00f3n HSTS de curl &lt;7.87.0 que podr\u00eda omitirse para enga\u00f1arlo y seguir usando HTTP. Usando su soporte HSTS, se puede indicar a curl que use HTTPS en lugar de usar un paso HTTP de texto plano inseguro incluso cuando se proporciona HTTP en la URL. Sin embargo, el mecanismo HSTS podr\u00eda omitirse si el nombre de host en la URL dada utiliza primero caracteres IDN que se reemplazan por sus hom\u00f3logos ASCII como parte de la conversi\u00f3n de IDN. Como usar el car\u00e1cter UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) en lugar del punto com\u00fan ASCII (U+002E) `.`. Luego, en una solicitud posterior, no detecta el estado HSTS y realiza una transferencia de texto plano. Porque almacenar\u00eda la informaci\u00f3n IDN codificada pero la buscar\u00eda IDN decodificada."
}
],
"metrics": {
@ -123,6 +127,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [

31
CVE-2022/CVE-2022-435xx/CVE-2022-43552.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43552",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:10.950",
"lastModified": "2023-10-20T18:57:21.877",
"lastModified": "2024-03-27T14:55:09.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,6 +89,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [

55
CVE-2022/CVE-2022-458xx/CVE-2022-45847.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45847",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:08.270",
"lastModified": "2024-03-27T14:15:08.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wordpress-countdown-widget/wordpress-countdown-widget-plugin-3-1-9-1-cross-site-request-forgery-csrf-leading-to-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

31
CVE-2023/CVE-2023-239xx/CVE-2023-23914.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23914",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-23T20:15:13.637",
"lastModified": "2023-10-20T18:57:11.737",
"lastModified": "2024-03-27T14:55:05.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -201,6 +201,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [

31
CVE-2023/CVE-2023-239xx/CVE-2023-23915.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23915",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-23T20:15:13.703",
"lastModified": "2023-10-20T18:57:08.397",
"lastModified": "2024-03-27T14:55:01.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -201,6 +201,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [

41
CVE-2023/CVE-2023-239xx/CVE-2023-23916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23916",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-23T20:15:13.777",
"lastModified": "2023-11-07T04:08:05.690",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:54:58.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,7 +46,7 @@
]
},
{
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
@ -231,6 +231,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -252,7 +281,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",

41
CVE-2023/CVE-2023-275xx/CVE-2023-27533.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27533",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.373",
"lastModified": "2023-11-07T04:09:58.970",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:54:51.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,7 +46,7 @@
]
},
{
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
@ -216,6 +216,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -236,7 +265,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",

45
CVE-2023/CVE-2023-275xx/CVE-2023-27534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27534",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.427",
"lastModified": "2024-03-17T12:15:07.023",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:54:34.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -216,6 +216,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -229,11 +258,19 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",

41
CVE-2023/CVE-2023-275xx/CVE-2023-27535.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27535",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.483",
"lastModified": "2023-11-07T04:09:59.127",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:47:21.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,7 +46,7 @@
]
},
{
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
@ -231,6 +231,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -252,7 +281,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",

41
CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27536",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.547",
"lastModified": "2023-11-07T04:09:59.200",
"vulnStatus": "Modified",
"lastModified": "2024-03-27T14:46:55.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,7 +46,7 @@
]
},
{
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
@ -241,6 +241,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [
@ -262,7 +291,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",

31
CVE-2023/CVE-2023-275xx/CVE-2023-27537.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27537",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.617",
"lastModified": "2023-10-20T18:44:28.253",
"lastModified": "2024-03-27T14:46:22.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -209,6 +209,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [

31
CVE-2023/CVE-2023-275xx/CVE-2023-27538.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27538",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.677",
"lastModified": "2023-10-20T18:43:26.050",
"lastModified": "2024-03-27T14:46:06.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -236,6 +236,35 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.12",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
}
]
}
]
}
],
"references": [

112
CVE-2023/CVE-2023-33xx/CVE-2023-3390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3390",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T21:15:10.447",
"lastModified": "2024-01-11T19:15:10.293",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-03-27T14:11:37.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -91,8 +91,85 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "6.4",
"matchCriteriaId": "1C12E20E-DA5B-46BA-A7C9-7190D48F59D6"
"versionEndExcluding": "4.14.322",
"matchCriteriaId": "972136DA-4F77-490A-B239-498F36EEDCBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.291",
"matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.251",
"matchCriteriaId": "7FA663C4-CA72-4B5A-8592-7354D978F58E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.188",
"matchCriteriaId": "43CAE50A-4A6C-488E-813C-F8DB77C13C8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.118",
"matchCriteriaId": "08F0D9B5-7024-417D-ABDD-BAAB8C645D72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.35",
"matchCriteriaId": "05A707A2-83A7-4FED-8BE0-DBB381F97694"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.3.9",
"matchCriteriaId": "7DE06036-A8A1-4685-8575-2B94D6FD3278"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@ -102,7 +179,11 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97",
@ -121,15 +202,25 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0004/",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5448",
@ -140,7 +231,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5461",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-340xx/CVE-2023-34020.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34020",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:08.683",
"lastModified": "2024-03-27T14:15:08.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-393xx/CVE-2023-39311.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39311",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:09.013",
"lastModified": "2024-03-27T14:15:09.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-449xx/CVE-2023-44999.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44999",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:09.253",
"lastModified": "2024-03-27T14:15:09.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-509xx/CVE-2023-50961.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50961",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-27T13:15:46.300",
"lastModified": "2024-03-27T13:15:46.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275939",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145262",
"source": "psirt@us.ibm.com"
}
]
}

12
CVE-2023/CVE-2023-524xx/CVE-2023-52447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52447",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.580",
"lastModified": "2024-03-14T19:46:43.030",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-27T14:15:09.523",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -98,6 +102,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",

55
CVE-2023/CVE-2023-61xx/CVE-2023-6153.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6153",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-03-27T13:15:46.503",
"lastModified": "2024-03-27T13:15:46.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0238",
"source": "iletisim@usom.gov.tr"
}
]
}

55
CVE-2023/CVE-2023-64xx/CVE-2023-6400.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6400",
"sourceIdentifier": "security@opentext.com",
"published": "2024-03-27T13:15:46.700",
"lastModified": "2024-03-27T13:15:46.700",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000027630?language=en_US",
"source": "security@opentext.com"
}
]
}

15
CVE-2024/CVE-2024-224xx/CVE-2024-22413.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-22413",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-27T13:15:46.900",
"lastModified": "2024-03-27T13:15:46.900",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: Further research determined the issue is not a vulnerability. The Creditcoin blockchain team takes the stance that there is no real bug or vulnerability here and that the creditcoin-cli command is working as it was designed to."
}
],
"metrics": {},
"references": []
}

55
CVE-2024/CVE-2024-235xx/CVE-2024-23510.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23510",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:09.627",
"lastModified": "2024-03-27T14:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dont-muck-my-markup/wordpress-don-t-muck-my-markup-plugin-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-235xx/CVE-2024-23515.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23515",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:09.920",
"lastModified": "2024-03-27T14:15:09.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/video-playlist-and-gallery-plugin/wordpress-cincopa-video-and-media-plugin-1-158-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

45
CVE-2024/CVE-2024-266xx/CVE-2024-26624.json
View File

@ -2,51 +2,14 @@
"id": "CVE-2024-26624",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.360",
"lastModified": "2024-03-06T15:18:08.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-27T14:15:10.163",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: fix lockdep positive in sk_diag_dump_icons()\n\nsyzbot reported a lockdep splat [1].\n\nBlamed commit hinted about the possible lockdep\nviolation, and code used unix_state_lock_nested()\nin an attempt to silence lockdep.\n\nIt is not sufficient, because unix_state_lock_nested()\nis already used from unix_state_double_lock().\n\nWe need to use a separate subclass.\n\nThis patch adds a distinct enumeration to make things\nmore explicit.\n\nAlso use swap() in unix_state_double_lock() as a clean up.\n\nv2: add a missing inline keyword to unix_state_lock_nested()\n\n[1]\nWARNING: possible circular locking dependency detected\n6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0 Not tainted\n\nsyz-executor.1/2542 is trying to acquire lock:\n ffff88808b5df9e8 (rlock-AF_UNIX){+.+.}-{2:2}, at: skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863\n\nbut task is already holding lock:\n ffff88808b5dfe70 (&u->lock/1){+.+.}-{2:2}, at: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&u->lock/1){+.+.}-{2:2}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378\n sk_diag_dump_icons net/unix/diag.c:87 [inline]\n sk_diag_fill+0x6ea/0xfe0 net/unix/diag.c:157\n sk_diag_dump net/unix/diag.c:196 [inline]\n unix_diag_dump+0x3e9/0x630 net/unix/diag.c:220\n netlink_dump+0x5c1/0xcd0 net/netlink/af_netlink.c:2264\n __netlink_dump_start+0x5d7/0x780 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:338 [inline]\n unix_diag_handler_dump+0x1c3/0x8f0 net/unix/diag.c:319\n sock_diag_rcv_msg+0xe3/0x400\n netlink_rcv_skb+0x1df/0x430 net/netlink/af_netlink.c:2543\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7e6/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa37/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x39a/0x520 net/socket.c:1160\n call_write_iter include/linux/fs.h:2085 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa74/0xca0 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\n-> #0 (rlock-AF_UNIX){+.+.}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863\n unix_dgram_sendmsg+0x15d9/0x2200 net/unix/af_unix.c:2112\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x592/0x890 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmmsg+0x3b2/0x730 net/socket.c:2724\n __do_sys_sendmmsg net/socket.c:2753 [inline]\n __se_sys_sendmmsg net/socket.c:2750 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 \n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: af_unix: corrige el bloqueo positivo en sk_diag_dump_icons() syzbot inform\u00f3 un bloqueo del bloqueo [1]. La confirmaci\u00f3n culpada insinu\u00f3 la posible violaci\u00f3n de lockdep y el c\u00f3digo us\u00f3 unix_state_lock_nested() en un intento de silenciar lockdep. No es suficiente, porque unix_state_lock_nested() ya se usa desde unix_state_double_lock(). Necesitamos usar una subclase separada. Este parche agrega una enumeraci\u00f3n distinta para hacer las cosas m\u00e1s expl\u00edcitas. Utilice tambi\u00e9n swap() en unix_state_double_lock() como limpieza. v2: agregue una palabra clave en l\u00ednea faltante a unix_state_lock_nested() [1] ADVERTENCIA: se detect\u00f3 posible dependencia de bloqueo circular 6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0 No contaminado syz-executor.1/2542 est\u00e1 intentando adquirir el bloqueo: ffff88808b5df9e8 (rlock-AF_UNIX){+.+.}-{2:2}, en: skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863 pero la tarea ya mantiene el bloqueo: ffff88808b5dfe70 (&amp;u-&gt;lock/1) {+.+.}-{2:2}, en: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089 cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -&gt; #1 (&amp;u-&gt;lock/1){+.+.}-{2:2}: lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378 sk_diag_dump_icons net/unix/diag.c:87 [en l\u00ednea] sk_diag_fill+0x6ea/0xfe0 net/unix/diag.c:157 sk_diag_dump net/unix/diag.c: 196 [en l\u00ednea] unix_diag_dump+0x3e9/0x630 net/unix/diag.c:220 netlink_dump+0x5c1/0xcd0 net/netlink/af_netlink.c:2264 __netlink_dump_start+0x5d7/0x780 net/netlink/af_netlink.c:2370 netlink_dump_start include/linux /netlink.h:338 [en l\u00ednea] unix_diag_handler_dump+0x1c3/0x8f0 net/unix/diag.c:319 sock_diag_rcv_msg+0xe3/0x400 netlink_rcv_skb+0x1df/0x430 net/netlink/af_netlink.c:2543 sock_diag_rcv+0x2a/0x 40 neto/n\u00facleo /sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [en l\u00ednea] netlink_unicast+0x7e6/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa37/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/ socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] sock_write_iter+0x39a/0x520 net/socket.c:1160 call_write_iter include/linux/fs.h:2085 [en l\u00ednea] new_sync_write fs/read_write.c :497 [en l\u00ednea] vfs_write+0xa74/0xca0 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf5/0x230 arch /x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b -&gt; #0 (rlock-AF_UNIX){+.+.}-{2:2}: check_prev_add kernel/locking/lockdep.c:3134 [en l\u00ednea] check_prevs_add kernel/locking/lockdep.c:3253 [en l\u00ednea] validar_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e3/0x530 kernel/locking/ lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [en l\u00ednea] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863 unix_dgram_send mensaje+0x15d9/ 0x2200 net/unix/af_unix.c:2112 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] ____sys_sendmsg+0x592/0x890 net/socket.c:2584 ___sys_sendmsg net/socket.c :2638 [en l\u00ednea] __sys_sendmmsg+0x3b2/0x730 net/socket.c:2724 __do_sys_sendmmsg net/socket.c:2753 [en l\u00ednea] __se_sys_sendmmsg net/socket.c:2750 [en l\u00ednea] __x64_sys_sendmmsg+0xa0/0xb0 net /socket.c: 2750 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro : CPU0 ---truncado---"
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e7f3e0381c002cb2abde42f09ad511991a8ebaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/875f31aaa67e306098befa5e798a049075910fa7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2104f43876408b164be5fd58f9b6a3a73b77746",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b169ffde733c5adf01788ae091c377f0eca44806",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2d272a9a1e8f22ba584589219f6fe1886a3595f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8f6b3b864cb876e9ee21666a391c9ee290682ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f199018dc762dfa501f6d96a424468a0f3c10d9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
"references": []
}

52
CVE-2024/CVE-2024-266xx/CVE-2024-26651.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-26651",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-27T14:15:10.243",
"lastModified": "2024-03-27T14:15:10.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsr9800: Add check for usbnet_get_endpoints\n\nAdd check for usbnet_get_endpoints() and return the error if it fails\nin order to transfer the error."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-266xx/CVE-2024-26652.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26652",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-27T14:15:10.297",
"lastModified": "2024-03-27T14:15:10.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pds_core: Fix possible double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release\ncalls kfree(padev) to free memory. We shouldn't call kfree(padev)\nagain in the error handling path.\n\nFix this by cleaning up the redundant kfree() and putting\nthe error handling back to where the errors happened."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

59
CVE-2024/CVE-2024-270xx/CVE-2024-27091.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-27091",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-27T13:15:47.023",
"lastModified": "2024-03-27T13:15:47.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-272xx/CVE-2024-27270.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-27270",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-27T13:15:47.213",
"lastModified": "2024-03-27T13:15:47.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284576",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7145231",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-287xx/CVE-2024-28784.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-28784",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-27T13:15:47.403",
"lastModified": "2024-03-27T13:15:47.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285893",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/7145260",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-288xx/CVE-2024-28852.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-28852",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-27T14:15:10.340",
"lastModified": "2024-03-27T14:15:10.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.php#L1732-L1740",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-288xx/CVE-2024-28853.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-28853",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-27T14:15:10.573",
"lastModified": "2024-03-27T14:15:10.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/ampache/ampache/security/advisories/GHSA-prw2-7cr3-5mx8",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29758.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29758",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:10.790",
"lastModified": "2024-03-27T14:15:10.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/co-marquage-service-public/wordpress-co-marquage-service-public-fr-plugin-0-5-72-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29759.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29759",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:10.993",
"lastModified": "2024-03-27T14:15:10.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-2-54-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29760.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:11.200",
"lastModified": "2024-03-27T14:15:11.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29761.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29761",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:11.423",
"lastModified": "2024-03-27T14:15:11.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS.This issue affects WP Post Disclaimer: from n/a through 1.0.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-post-disclaimer/wordpress-wp-post-disclaimer-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29762.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29762",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:11.650",
"lastModified": "2024-03-27T14:15:11.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/off-canvas-sidebars/wordpress-off-canvas-sidebars-menus-slidebars-plugin-0-5-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29763.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29763",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:11.870",
"lastModified": "2024-03-27T14:15:11.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29764.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29764",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:12.067",
"lastModified": "2024-03-27T14:15:12.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS.This issue affects Molongui: from n/a through 4.7.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-plugin-4-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29765.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:12.283",
"lastModified": "2024-03-27T14:15:12.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-aparat/wordpress-aparat-for-wordpress-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29766.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:47.600",
"lastModified": "2024-03-27T13:15:47.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/streamweasels-twitch-integration/wordpress-streamweasels-twitch-integration-plugin-1-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29767.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29767",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:47.790",
"lastModified": "2024-03-27T13:15:47.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a through 2.10.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/doneren-met-mollie/wordpress-doneren-met-mollie-plugin-2-10-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29768.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29768",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:47.980",
"lastModified": "2024-03-27T13:15:47.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra/wordpress-astra-theme-4-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29769.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:48.177",
"lastModified": "2024-03-27T13:15:48.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery \u2013 Image Gallery Plugin allows Stored XSS.This issue affects Portfolio Gallery \u2013 Image Gallery Plugin: from n/a through 1.5.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/portfolio-filter-gallery/wordpress-portfolio-gallery-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29770.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29770",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:48.360",
"lastModified": "2024-03-27T13:15:48.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pretty-link/wordpress-pretty-links-plugin-3-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29771.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29771",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:48.553",
"lastModified": "2024-03-27T13:15:48.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS.This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dracula-dark-mode/wordpress-dracula-dark-mode-ai-powered-automatic-dark-mode-for-wordpress-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29772.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29772",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:48.740",
"lastModified": "2024-03-27T13:15:48.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.3.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mybooktable/wordpress-mybooktable-bookstore-plugin-3-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29773.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:12.530",
"lastModified": "2024-03-27T14:15:12.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-5-5-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29774.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29774",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:48.933",
"lastModified": "2024-03-27T13:15:48.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpdirectorykit/wordpress-wp-directory-kit-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29775.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:49.120",
"lastModified": "2024-03-27T13:15:49.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/frontend-dashboard/wordpress-frontend-dashboard-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

43
CVE-2024/CVE-2024-297xx/CVE-2024-29776.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-29776",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:49.313",
"lastModified": "2024-03-27T13:15:49.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29777.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:49.480",
"lastModified": "2024-03-27T13:15:49.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/forminator/wordpress-forminator-plugin-1-29-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29788.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29788",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:49.673",
"lastModified": "2024-03-27T13:15:49.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29789.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29789",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:49.860",
"lastModified": "2024-03-27T13:15:49.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oneclick-whatsapp-order/wordpress-oneclick-chat-to-order-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29790.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29790",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:50.050",
"lastModified": "2024-03-27T13:15:50.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-plugin-12-3-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29791.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29791",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:50.240",
"lastModified": "2024-03-27T13:15:50.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bulk-noindex-nofollow-toolkit-by-mad-fish/wordpress-bulk-noindex-nofollow-toolkit-plugin-2-01-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29792.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29792",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:50.440",
"lastModified": "2024-03-27T13:15:50.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-93-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29793.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29793",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:50.637",
"lastModified": "2024-03-27T13:15:50.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29794.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29794",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:50.823",
"lastModified": "2024-03-27T13:15:50.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-conversios-io-plugin-6-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29795.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29795",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:51.017",
"lastModified": "2024-03-27T13:15:51.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ilab-media-tools/wordpress-media-cloud-for-amazon-s3-cloudflare-r2-google-cloud-storage-digitalocean-spaces-and-more-plugin-4-5-24-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29796.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29796",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:51.210",
"lastModified": "2024-03-27T13:15:51.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hot-random-image/wordpress-hot-random-image-plugin-1-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29797.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29797",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:51.407",
"lastModified": "2024-03-27T13:15:51.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/grid-shortcodes/wordpress-grid-shortcodes-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29798.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29798",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:51.603",
"lastModified": "2024-03-27T13:15:51.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS.This issue affects Gratisfaction: from n/a through 4.3.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/wordpress-gratisfaction-plugin-4-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-297xx/CVE-2024-29799.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29799",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:51.800",
"lastModified": "2024-03-27T13:15:51.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.59.211.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fulltext-search/wordpress-wp-fast-total-search-plugin-1-59-211-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29801.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29801",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:52.010",
"lastModified": "2024-03-27T13:15:52.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damst\u00e9n Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fullscreen-galleria/wordpress-fullscreen-galleria-plugin-1-6-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29802.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29802",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:52.200",
"lastModified": "2024-03-27T13:15:52.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/football-pool/wordpress-football-pool-plugin-2-11-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29803.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29803",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:52.397",
"lastModified": "2024-03-27T13:15:52.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/flatpm-wp/wordpress-flatpm-plugin-3-1-05-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29804.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29804",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:52.587",
"lastModified": "2024-03-27T13:15:52.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fancy-facebook-comments/wordpress-fancy-comments-wordpress-plugin-1-2-14-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29805.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29805",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:52.787",
"lastModified": "2024-03-27T13:15:52.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-venipak-shipping/wordpress-shipping-with-venipak-for-woocommerce-plugin-1-19-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29806.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29806",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:52.987",
"lastModified": "2024-03-27T13:15:52.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29807.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29807",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:53.170",
"lastModified": "2024-03-27T13:15:53.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/3d-flipbook-dflip-lite/wordpress-dearflip-plugin-2-2-26-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29811.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29811",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:53.367",
"lastModified": "2024-03-27T13:15:53.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-298xx/CVE-2024-29812.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-29812",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T13:15:53.560",
"lastModified": "2024-03-27T13:15:53.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-22-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

92
CVE-2024/CVE-2024-29xx/CVE-2024-2976.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-2976",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-27T14:15:12.743",
"lastModified": "2024-03-27T14:15:12.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258145",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258145",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.300997",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-29xx/CVE-2024-2977.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-2977",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-27T14:15:13.000",
"lastModified": "2024-03-27T14:15:13.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258146",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258146",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.301028",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-29xx/CVE-2024-2978.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-2978",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-27T14:15:13.267",
"lastModified": "2024-03-27T14:15:13.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258147",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258147",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.301029",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-29xx/CVE-2024-2979.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-2979",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-27T14:15:13.537",
"lastModified": "2024-03-27T14:15:13.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258148",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258148",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.301030",
"source": "cna@vuldb.com"
}
]
}

55
CVE-2024/CVE-2024-302xx/CVE-2024-30238.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-30238",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T14:15:13.800",
"lastModified": "2024-03-27T14:15:13.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-photos-and-files-contest-gallery-plugin-21-3-2-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

100
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-27T13:00:53.399042+00:00
2024-03-27T15:00:31.814574+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-27T12:29:41.530000+00:00
2024-03-27T14:59:29.493000+00:00
```
### Last Data Feed Release
@ -33,67 +33,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
242946
243009
```
### CVEs added in the last Commit
Recently added CVEs: `23`
Recently added CVEs: `63`
- [CVE-2023-6173](CVE-2023/CVE-2023-61xx/CVE-2023-6173.json) (`2024-03-27T12:15:08.370`)
- [CVE-2024-25962](CVE-2024/CVE-2024-259xx/CVE-2024-25962.json) (`2024-03-27T11:15:46.240`)
- [CVE-2024-29813](CVE-2024/CVE-2024-298xx/CVE-2024-29813.json) (`2024-03-27T12:15:08.757`)
- [CVE-2024-29814](CVE-2024/CVE-2024-298xx/CVE-2024-29814.json) (`2024-03-27T12:15:08.950`)
- [CVE-2024-29815](CVE-2024/CVE-2024-298xx/CVE-2024-29815.json) (`2024-03-27T12:15:09.140`)
- [CVE-2024-29816](CVE-2024/CVE-2024-298xx/CVE-2024-29816.json) (`2024-03-27T12:15:09.443`)
- [CVE-2024-29817](CVE-2024/CVE-2024-298xx/CVE-2024-29817.json) (`2024-03-27T12:15:09.917`)
- [CVE-2024-29818](CVE-2024/CVE-2024-298xx/CVE-2024-29818.json) (`2024-03-27T12:15:10.410`)
- [CVE-2024-29819](CVE-2024/CVE-2024-298xx/CVE-2024-29819.json) (`2024-03-27T11:15:46.453`)
- [CVE-2024-29933](CVE-2024/CVE-2024-299xx/CVE-2024-29933.json) (`2024-03-27T11:15:46.653`)
- [CVE-2024-29934](CVE-2024/CVE-2024-299xx/CVE-2024-29934.json) (`2024-03-27T11:15:46.850`)
- [CVE-2024-29935](CVE-2024/CVE-2024-299xx/CVE-2024-29935.json) (`2024-03-27T11:15:47.040`)
- [CVE-2024-29936](CVE-2024/CVE-2024-299xx/CVE-2024-29936.json) (`2024-03-27T11:15:47.223`)
- [CVE-2024-30177](CVE-2024/CVE-2024-301xx/CVE-2024-30177.json) (`2024-03-27T11:15:47.413`)
- [CVE-2024-30178](CVE-2024/CVE-2024-301xx/CVE-2024-30178.json) (`2024-03-27T11:15:47.600`)
- [CVE-2024-30179](CVE-2024/CVE-2024-301xx/CVE-2024-30179.json) (`2024-03-27T12:15:10.883`)
- [CVE-2024-30180](CVE-2024/CVE-2024-301xx/CVE-2024-30180.json) (`2024-03-27T12:15:11.357`)
- [CVE-2024-30181](CVE-2024/CVE-2024-301xx/CVE-2024-30181.json) (`2024-03-27T12:15:11.840`)
- [CVE-2024-30182](CVE-2024/CVE-2024-301xx/CVE-2024-30182.json) (`2024-03-27T12:15:12.320`)
- [CVE-2024-30183](CVE-2024/CVE-2024-301xx/CVE-2024-30183.json) (`2024-03-27T12:15:12.780`)
- [CVE-2024-30184](CVE-2024/CVE-2024-301xx/CVE-2024-30184.json) (`2024-03-27T12:15:13.260`)
- [CVE-2024-30185](CVE-2024/CVE-2024-301xx/CVE-2024-30185.json) (`2024-03-27T12:15:13.710`)
- [CVE-2024-30186](CVE-2024/CVE-2024-301xx/CVE-2024-30186.json) (`2024-03-27T12:15:14.173`)
- [CVE-2024-29777](CVE-2024/CVE-2024-297xx/CVE-2024-29777.json) (`2024-03-27T13:15:49.480`)
- [CVE-2024-2978](CVE-2024/CVE-2024-29xx/CVE-2024-2978.json) (`2024-03-27T14:15:13.267`)
- [CVE-2024-29788](CVE-2024/CVE-2024-297xx/CVE-2024-29788.json) (`2024-03-27T13:15:49.673`)
- [CVE-2024-29789](CVE-2024/CVE-2024-297xx/CVE-2024-29789.json) (`2024-03-27T13:15:49.860`)
- [CVE-2024-2979](CVE-2024/CVE-2024-29xx/CVE-2024-2979.json) (`2024-03-27T14:15:13.537`)
- [CVE-2024-29790](CVE-2024/CVE-2024-297xx/CVE-2024-29790.json) (`2024-03-27T13:15:50.050`)
- [CVE-2024-29791](CVE-2024/CVE-2024-297xx/CVE-2024-29791.json) (`2024-03-27T13:15:50.240`)
- [CVE-2024-29792](CVE-2024/CVE-2024-297xx/CVE-2024-29792.json) (`2024-03-27T13:15:50.440`)
- [CVE-2024-29793](CVE-2024/CVE-2024-297xx/CVE-2024-29793.json) (`2024-03-27T13:15:50.637`)
- [CVE-2024-29794](CVE-2024/CVE-2024-297xx/CVE-2024-29794.json) (`2024-03-27T13:15:50.823`)
- [CVE-2024-29795](CVE-2024/CVE-2024-297xx/CVE-2024-29795.json) (`2024-03-27T13:15:51.017`)
- [CVE-2024-29796](CVE-2024/CVE-2024-297xx/CVE-2024-29796.json) (`2024-03-27T13:15:51.210`)
- [CVE-2024-29797](CVE-2024/CVE-2024-297xx/CVE-2024-29797.json) (`2024-03-27T13:15:51.407`)
- [CVE-2024-29798](CVE-2024/CVE-2024-297xx/CVE-2024-29798.json) (`2024-03-27T13:15:51.603`)
- [CVE-2024-29799](CVE-2024/CVE-2024-297xx/CVE-2024-29799.json) (`2024-03-27T13:15:51.800`)
- [CVE-2024-29801](CVE-2024/CVE-2024-298xx/CVE-2024-29801.json) (`2024-03-27T13:15:52.010`)
- [CVE-2024-29802](CVE-2024/CVE-2024-298xx/CVE-2024-29802.json) (`2024-03-27T13:15:52.200`)
- [CVE-2024-29803](CVE-2024/CVE-2024-298xx/CVE-2024-29803.json) (`2024-03-27T13:15:52.397`)
- [CVE-2024-29804](CVE-2024/CVE-2024-298xx/CVE-2024-29804.json) (`2024-03-27T13:15:52.587`)
- [CVE-2024-29805](CVE-2024/CVE-2024-298xx/CVE-2024-29805.json) (`2024-03-27T13:15:52.787`)
- [CVE-2024-29806](CVE-2024/CVE-2024-298xx/CVE-2024-29806.json) (`2024-03-27T13:15:52.987`)
- [CVE-2024-29807](CVE-2024/CVE-2024-298xx/CVE-2024-29807.json) (`2024-03-27T13:15:53.170`)
- [CVE-2024-29811](CVE-2024/CVE-2024-298xx/CVE-2024-29811.json) (`2024-03-27T13:15:53.367`)
- [CVE-2024-29812](CVE-2024/CVE-2024-298xx/CVE-2024-29812.json) (`2024-03-27T13:15:53.560`)
- [CVE-2024-30238](CVE-2024/CVE-2024-302xx/CVE-2024-30238.json) (`2024-03-27T14:15:13.800`)
### CVEs modified in the last Commit
Recently modified CVEs: `202`
Recently modified CVEs: `17`
- [CVE-2024-29917](CVE-2024/CVE-2024-299xx/CVE-2024-29917.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29918](CVE-2024/CVE-2024-299xx/CVE-2024-29918.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29919](CVE-2024/CVE-2024-299xx/CVE-2024-29919.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29920](CVE-2024/CVE-2024-299xx/CVE-2024-29920.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29921](CVE-2024/CVE-2024-299xx/CVE-2024-29921.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29922](CVE-2024/CVE-2024-299xx/CVE-2024-29922.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29923](CVE-2024/CVE-2024-299xx/CVE-2024-29923.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29924](CVE-2024/CVE-2024-299xx/CVE-2024-29924.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29925](CVE-2024/CVE-2024-299xx/CVE-2024-29925.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29926](CVE-2024/CVE-2024-299xx/CVE-2024-29926.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29927](CVE-2024/CVE-2024-299xx/CVE-2024-29927.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29928](CVE-2024/CVE-2024-299xx/CVE-2024-29928.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29929](CVE-2024/CVE-2024-299xx/CVE-2024-29929.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29930](CVE-2024/CVE-2024-299xx/CVE-2024-29930.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29931](CVE-2024/CVE-2024-299xx/CVE-2024-29931.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-29932](CVE-2024/CVE-2024-299xx/CVE-2024-29932.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30192](CVE-2024/CVE-2024-301xx/CVE-2024-30192.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30193](CVE-2024/CVE-2024-301xx/CVE-2024-30193.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30194](CVE-2024/CVE-2024-301xx/CVE-2024-30194.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30195](CVE-2024/CVE-2024-301xx/CVE-2024-30195.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30196](CVE-2024/CVE-2024-301xx/CVE-2024-30196.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30197](CVE-2024/CVE-2024-301xx/CVE-2024-30197.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30198](CVE-2024/CVE-2024-301xx/CVE-2024-30198.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30199](CVE-2024/CVE-2024-301xx/CVE-2024-30199.json) (`2024-03-27T12:29:30.307`)
- [CVE-2024-30201](CVE-2024/CVE-2024-302xx/CVE-2024-30201.json) (`2024-03-27T12:29:30.307`)
- [CVE-2021-30560](CVE-2021/CVE-2021-305xx/CVE-2021-30560.json) (`2024-03-27T14:45:52.567`)
- [CVE-2022-42915](CVE-2022/CVE-2022-429xx/CVE-2022-42915.json) (`2024-03-27T14:59:29.493`)
- [CVE-2022-42916](CVE-2022/CVE-2022-429xx/CVE-2022-42916.json) (`2024-03-27T14:59:02.633`)
- [CVE-2022-43551](CVE-2022/CVE-2022-435xx/CVE-2022-43551.json) (`2024-03-27T14:58:37.930`)
- [CVE-2022-43552](CVE-2022/CVE-2022-435xx/CVE-2022-43552.json) (`2024-03-27T14:55:09.493`)
- [CVE-2023-23914](CVE-2023/CVE-2023-239xx/CVE-2023-23914.json) (`2024-03-27T14:55:05.320`)
- [CVE-2023-23915](CVE-2023/CVE-2023-239xx/CVE-2023-23915.json) (`2024-03-27T14:55:01.723`)
- [CVE-2023-23916](CVE-2023/CVE-2023-239xx/CVE-2023-23916.json) (`2024-03-27T14:54:58.033`)
- [CVE-2023-27533](CVE-2023/CVE-2023-275xx/CVE-2023-27533.json) (`2024-03-27T14:54:51.937`)
- [CVE-2023-27534](CVE-2023/CVE-2023-275xx/CVE-2023-27534.json) (`2024-03-27T14:54:34.810`)
- [CVE-2023-27535](CVE-2023/CVE-2023-275xx/CVE-2023-27535.json) (`2024-03-27T14:47:21.440`)
- [CVE-2023-27536](CVE-2023/CVE-2023-275xx/CVE-2023-27536.json) (`2024-03-27T14:46:55.040`)
- [CVE-2023-27537](CVE-2023/CVE-2023-275xx/CVE-2023-27537.json) (`2024-03-27T14:46:22.510`)
- [CVE-2023-27538](CVE-2023/CVE-2023-275xx/CVE-2023-27538.json) (`2024-03-27T14:46:06.490`)
- [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2024-03-27T14:11:37.090`)
- [CVE-2023-52447](CVE-2023/CVE-2023-524xx/CVE-2023-52447.json) (`2024-03-27T14:15:09.523`)
- [CVE-2024-26624](CVE-2024/CVE-2024-266xx/CVE-2024-26624.json) (`2024-03-27T14:15:10.163`)
## Download and Usage

547
_state.csv
View File

File diff suppressed because it is too large Load Diff