admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-28T21:00:21.071918+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-28 21:03:49 +00:00
parent fc04c9c92d
commit c2e6e0d623
112 changed files with 5098 additions and 705 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2017/CVE-2017-133xx/CVE-2017-13317.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-13317",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T17:15:08.180",
"lastModified": "2025-01-28T17:15:08.180",
"lastModified": "2025-01-28T20:15:26.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-05-01",

43
CVE-2017/CVE-2017-133xx/CVE-2017-13318.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-13318",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T17:15:08.310",
"lastModified": "2025-01-28T17:15:08.310",
"lastModified": "2025-01-28T20:15:27.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,46 @@
"value": "In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-05-01",

39
CVE-2018/CVE-2018-93xx/CVE-2018-9373.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-9373",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T17:15:08.427",
"lastModified": "2025-01-28T17:15:08.427",
"lastModified": "2025-01-28T20:15:27.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-06-01",

39
CVE-2018/CVE-2018-93xx/CVE-2018-9378.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-9378",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T17:15:08.530",
"lastModified": "2025-01-28T17:15:08.530",
"lastModified": "2025-01-28T20:15:27.727",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01",

32
CVE-2022/CVE-2022-482xx/CVE-2022-48240.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48240",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.540",
"lastModified": "2024-11-21T07:33:01.640",
"lastModified": "2025-01-28T19:15:08.860",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48241.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48241",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.587",
"lastModified": "2024-11-21T07:33:01.753",
"lastModified": "2025-01-28T19:15:10.233",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48242.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48242",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.633",
"lastModified": "2024-11-21T07:33:01.867",
"lastModified": "2025-01-28T19:15:10.467",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48246.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48246",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.817",
"lastModified": "2024-11-21T07:33:02.350",
"lastModified": "2025-01-28T20:15:27.897",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48247.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48247",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.867",
"lastModified": "2024-11-21T07:33:02.467",
"lastModified": "2025-01-28T20:15:28.050",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48248.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48248",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.910",
"lastModified": "2024-11-21T07:33:02.590",
"lastModified": "2025-01-28T20:15:28.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48249.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48249",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.957",
"lastModified": "2024-11-21T07:33:02.707",
"lastModified": "2025-01-28T20:15:28.360",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-482xx/CVE-2022-48250.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48250",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.997",
"lastModified": "2024-11-21T07:33:02.830",
"lastModified": "2025-01-28T20:15:28.510",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48368.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48368",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.037",
"lastModified": "2024-11-21T07:33:16.043",
"lastModified": "2025-01-28T20:15:28.660",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48369.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48369",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.083",
"lastModified": "2024-11-21T07:33:16.170",
"lastModified": "2025-01-28T19:15:10.660",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48370.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48370",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.120",
"lastModified": "2024-11-21T07:33:16.287",
"lastModified": "2025-01-28T19:15:10.870",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48371.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48371",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.163",
"lastModified": "2024-11-21T07:33:16.403",
"lastModified": "2025-01-28T19:15:11.250",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-862"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-483xx/CVE-2022-48386.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48386",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.877",
"lastModified": "2024-11-21T07:33:18.177",
"lastModified": "2025-01-28T20:15:28.820",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-265xx/CVE-2023-26595.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26595",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.353",
"lastModified": "2024-11-21T07:51:49.420",
"lastModified": "2025-01-28T19:15:11.500",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

12
CVE-2023/CVE-2023-290xx/CVE-2023-29092.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29092",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T02:15:12.127",
"lastModified": "2024-11-21T07:56:31.913",
"lastModified": "2025-01-28T20:15:29.033",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -65,6 +65,16 @@
"value": "CWE-755"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-300xx/CVE-2023-30056.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30056",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T21:15:11.673",
"lastModified": "2024-11-21T07:59:45.070",
"lastModified": "2025-01-28T20:15:29.300",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-384"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-300xx/CVE-2023-30083.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30083",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:14.373",
"lastModified": "2024-11-21T07:59:46.473",
"lastModified": "2025-01-28T20:15:29.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-318xx/CVE-2023-31804.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31804",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:14.993",
"lastModified": "2024-11-21T08:02:16.610",
"lastModified": "2025-01-28T19:15:12.820",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-319xx/CVE-2023-31974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31974",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T13:15:18.550",
"lastModified": "2024-11-21T08:02:27.473",
"lastModified": "2025-01-28T20:15:30.003",
"vulnStatus": "Modified",
"cveTags": [
{
@ -39,6 +39,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -52,6 +72,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

61
CVE-2023/CVE-2023-487xx/CVE-2023-48777.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48777",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:52.350",
"lastModified": "2024-11-21T08:32:25.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-28T19:20:32.813",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
"nodes": [
{
"url": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:free:wordpress:*:*",
"versionStartIncluding": "3.3.0",
"versionEndExcluding": "3.18.2",
"matchCriteriaId": "5734EBDA-44EA-4977-9F7F-6E561FEADF99"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-62xx/CVE-2023-6214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6214",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:07.970",
"lastModified": "2024-11-21T08:43:23.150",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:28:35.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,30 +39,78 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.3.6/extensions/wc-sales-notification/classes/class.sale_notification.php",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/trunk/extensions/wc-sales-notification/classes/class.sale_notification.php?old=2654447&old_path=ht-mega-for-elementor%2Ftrunk%2Fextensions%2Fwc-sales-notification%2Fclasses%2Fclass.sale_notification.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.3.6/extensions/wc-sales-notification/classes/class.sale_notification.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/trunk/extensions/wc-sales-notification/classes/class.sale_notification.php?old=2654447&old_path=ht-mega-for-elementor%2Ftrunk%2Fextensions%2Fwc-sales-notification%2Fclasses%2Fclass.sale_notification.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.4.7",
"matchCriteriaId": "F64698EC-D902-4904-80B0-DF35E6C2E51F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.3.6/extensions/wc-sales-notification/classes/class.sale_notification.php",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/trunk/extensions/wc-sales-notification/classes/class.sale_notification.php?old=2654447&old_path=ht-mega-for-elementor%2Ftrunk%2Fextensions%2Fwc-sales-notification%2Fclasses%2Fclass.sale_notification.php",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.3.6/extensions/wc-sales-notification/classes/class.sale_notification.php",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/trunk/extensions/wc-sales-notification/classes/class.sale_notification.php?old=2654447&old_path=ht-mega-for-elementor%2Ftrunk%2Fextensions%2Fwc-sales-notification%2Fclasses%2Fclass.sale_notification.php",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

36
CVE-2024/CVE-2024-00xx/CVE-2024-0044.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-0044",
"sourceIdentifier": "security@android.com",
"published": "2024-03-11T17:15:45.450",
"lastModified": "2024-12-17T15:50:36.227",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-28T20:15:30.207",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
@ -115,34 +115,16 @@
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792",
"source": "security@android.com",
"tags": [
"Mailing List",
"Patch"
]
"url": "https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563",
"source": "security@android.com"
},
{
"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2",
"source": "security@android.com",
"tags": [
"Third Party Advisory"
]
"url": "https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b",
"source": "security@android.com"
},
{
"url": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html",
"source": "security@android.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://source.android.com/security/bulletin/2024-03-01",
"source": "security@android.com",
"tags": [
"Not Applicable"
]
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792",

6
CVE-2024/CVE-2024-120xx/CVE-2024-12085.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12085",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-01-14T18:15:25.123",
"lastModified": "2025-01-28T08:15:28.440",
"lastModified": "2025-01-28T19:15:13.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -72,6 +72,10 @@
"url": "https://access.redhat.com/errata/RHSA-2025:0714",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0774",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-12085",
"source": "secalert@redhat.com"

16
CVE-2024/CVE-2024-134xx/CVE-2024-13484.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-13484",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-01-28T18:15:32.537",
"lastModified": "2025-01-28T18:15:32.537",
"lastModified": "2025-01-28T19:15:13.753",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -15,7 +15,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-13484",

74
CVE-2024/CVE-2024-20xx/CVE-2024-2084.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2084",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:15.543",
"lastModified": "2024-11-21T09:09:00.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:27:44.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.4.7",
"matchCriteriaId": "F64698EC-D902-4904-80B0-DF35E6C2E51F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e5417d3-c466-4caf-9fb6-26d6e2c06fe1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e5417d3-c466-4caf-9fb6-26d6e2c06fe1?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-20xx/CVE-2024-2085.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2085",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:15.710",
"lastModified": "2024-11-21T09:09:00.743",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:27:14.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.4.7",
"matchCriteriaId": "F64698EC-D902-4904-80B0-DF35E6C2E51F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/trunk/includes/widgets/htmega_accordion.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9c5bed-a399-43e2-be40-d669e90d3736?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3048999/ht-mega-for-elementor/trunk/includes/widgets/htmega_accordion.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9c5bed-a399-43e2-be40-d669e90d3736?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-21xx/CVE-2024-2120.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2120",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T07:15:53.447",
"lastModified": "2024-11-21T09:09:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-28T20:31:11.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "3.20.2",
"matchCriteriaId": "8DCAEDE1-337C-4805-8D80-262C0EA00332"
}
]
}
]
}
],
"references": [
{
"url": "https://elementor.com/pro/changelog/?utm_source=wp-plugins&utm_campaign=pro-changelog&utm_medium=wp-dash",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de1742d4-f498-4ad4-b6a1-88cb60e83afc?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://elementor.com/pro/changelog/?utm_source=wp-plugins&utm_campaign=pro-changelog&utm_medium=wp-dash",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de1742d4-f498-4ad4-b6a1-88cb60e83afc?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-21xx/CVE-2024-2139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2139",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T03:15:12.510",
"lastModified": "2024-11-21T09:09:06.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-28T19:24:14.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:master-addons:master_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.5.7",
"matchCriteriaId": "792C9386-3384-486A-A9DD-F833F6144331"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3050636/master-addons",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8910b6f0-1bf4-4ac0-93b7-54db7c15392c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3050636/master-addons",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8910b6f0-1bf4-4ac0-93b7-54db7c15392c?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-22xx/CVE-2024-2203.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2203",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T03:15:12.737",
"lastModified": "2024-11-21T09:09:14.967",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:35:13.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,93 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "5.4.2",
"matchCriteriaId": "4B36FF78-C353-4F77-B50A-80BB7E081A6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "5.4.2",
"matchCriteriaId": "D2E71713-0C46-41F0-89D3-E6DE9EA4762C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7ff863-3a8e-41cd-ae20-78bb4577c16a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7ff863-3a8e-41cd-ae20-78bb4577c16a?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-22xx/CVE-2024-2210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2210",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-27T03:15:12.937",
"lastModified": "2024-11-21T09:09:15.777",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T20:21:57.503",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,70 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30579058-54f4-4496-9275-078faf99823f?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30579058-54f4-4496-9275-078faf99823f?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "5.4.2",
"matchCriteriaId": "4B36FF78-C353-4F77-B50A-80BB7E081A6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "5.4.2",
"matchCriteriaId": "D2E71713-0C46-41F0-89D3-E6DE9EA4762C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30579058-54f4-4496-9275-078faf99823f?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30579058-54f4-4496-9275-078faf99823f?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2024/CVE-2024-231xx/CVE-2024-23138.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-23138",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-03-18T00:15:07.587",
"lastModified": "2024-11-21T08:57:02.143",
"lastModified": "2025-01-28T19:15:13.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
"value": "A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

24
CVE-2024/CVE-2024-231xx/CVE-2024-23139.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-23139",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-03-18T00:15:07.663",
"lastModified": "2024-11-21T08:57:02.360",
"lastModified": "2025-01-28T20:15:30.430",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code \u201cABC\u201d files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.\n"
"value": "An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code \u201cABC\u201d files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
},
{
"lang": "es",
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

61
CVE-2024/CVE-2024-259xx/CVE-2024-25962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25962",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-27T11:15:46.240",
"lastModified": "2024-11-21T09:01:39.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-28T20:34:04.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,16 +69,49 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5569D676-3632-4002-A1FF-56DCF5B2489C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000223551/dsa-2024-134-security-update-for-dell-insightiq-for-proprietary-code-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.dell.com/support/kbdoc/en-us/000223551/dsa-2024-134-security-update-for-dell-insightiq-for-proprietary-code-vulnerability",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-263xx/CVE-2024-26317.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-26317",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T18:15:38.613",
"lastModified": "2025-01-27T18:15:38.613",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:30.597",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret."
},
{
"lang": "es",
"value": "En illumos illumos-gate 2024-02-15, se produce un error en el algoritmo de suma de puntos de curva el\u00edptica que utiliza coordenadas afines a jacobianas mixtas, lo que hace que el algoritmo arroje un resultado de POINT_AT_INFINITY cuando no deber\u00eda. Un atacante intermediario podr\u00eda utilizar esto para interferir en una conexi\u00f3n, lo que provocar\u00eda que la parte atacada calcule un secreto compartido incorrecto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1aGLAFz20-fc7ZLiWouegyK_65jCkGTDb/view?usp=sharing",

74
CVE-2024/CVE-2024-27xx/CVE-2024-2790.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2790",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:19.513",
"lastModified": "2024-11-21T09:10:31.453",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:26:37.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.4.9",
"matchCriteriaId": "E6BEFE54-3972-44AD-99BA-B0453EAF3803"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3063395%40ht-mega-for-elementor&new=3063395%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52ba91f1-21a2-4d7c-8801-b5e72a00c37d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3063395%40ht-mega-for-elementor&new=3063395%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52ba91f1-21a2-4d7c-8801-b5e72a00c37d?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-299xx/CVE-2024-29911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29911",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T07:15:51.690",
"lastModified": "2024-11-21T09:08:36.040",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-28T20:25:31.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
"nodes": [
{
"url": "https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:master-addons:master_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.5.6",
"matchCriteriaId": "64DD097A-EC4F-409B-BCE5-05EFE3E9282C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-299xx/CVE-2024-29913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29913",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T07:15:52.420",
"lastModified": "2024-11-21T09:08:36.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-28T20:29:09.363",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/tutor-lms-elementor-addons/wordpress-tutor-lms-elementor-addons-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
"nodes": [
{
"url": "https://patchstack.com/database/vulnerability/tutor-lms-elementor-addons/wordpress-tutor-lms-elementor-addons-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeum:tutor_lms_elementor_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "AC3061D3-CAFC-4E42-9348-E5ACA1D534B7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tutor-lms-elementor-addons/wordpress-tutor-lms-elementor-addons-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/tutor-lms-elementor-addons/wordpress-tutor-lms-elementor-addons-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-301xx/CVE-2024-30182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30182",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T12:15:12.320",
"lastModified": "2024-11-21T09:11:22.890",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T20:39:34.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
},
"nodes": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.4.4",
"matchCriteriaId": "53BB2AD6-F72F-4564-B8DF-F6E51A3129E3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-33xx/CVE-2024-3307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3307",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:24.357",
"lastModified": "2024-11-21T09:29:21.743",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:25:45.740",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.5.0",
"matchCriteriaId": "462E1B57-9BD7-4DA5-91A9-8ACA0F8195BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_countdown.php#L1251",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8452e54-7a81-4921-b531-8cb3b0953dab?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_countdown.php#L1251",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8452e54-7a81-4921-b531-8cb3b0953dab?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-33xx/CVE-2024-3308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3308",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-02T17:15:24.520",
"lastModified": "2024-11-21T09:29:21.867",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:24:31.713",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,89 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.5.0",
"matchCriteriaId": "462E1B57-9BD7-4DA5-91A9-8ACA0F8195BE"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33b5e231-1b53-4646-ae9c-48babf1ebbd7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33b5e231-1b53-4646-ae9c-48babf1ebbd7?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-347xx/CVE-2024-34732.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-34732",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:30.790",
"lastModified": "2025-01-28T20:15:30.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

21
CVE-2024/CVE-2024-347xx/CVE-2024-34733.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-34733",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:30.893",
"lastModified": "2025-01-28T20:15:30.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

21
CVE-2024/CVE-2024-347xx/CVE-2024-34748.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-34748",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:30.993",
"lastModified": "2025-01-28T20:15:30.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

114
CVE-2024/CVE-2024-389xx/CVE-2024-38998.json
View File

@ -2,119 +2,15 @@
"id": "CVE-2024-38998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.223",
"lastModified": "2024-11-21T09:27:04.827",
"vulnStatus": "Modified",
"lastModified": "2025-01-28T20:15:31.103",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que jrburke requirejs v2.3.6 conten\u00eda un prototipo de contaminaci\u00f3n a trav\u00e9s de la funci\u00f3n config. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias."
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:requirejs:requirejs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.7",
"matchCriteriaId": "9EEBD183-40A2-4E15-9050-33423032DF4C"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
"metrics": {},
"references": []
}

94
CVE-2024/CVE-2024-39xx/CVE-2024-3990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3990",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-14T15:42:40.570",
"lastModified": "2024-11-21T09:30:51.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:23:34.850",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,41 +36,115 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.5.1",
"matchCriteriaId": "4A112023-A359-490A-BBC3-36BD55B0F376"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.5.0/includes/widgets/htmega_tooltip.php#L620",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file5",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98e74a23-b586-4d6a-b1ab-78838b0eed61?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.5.0/includes/widgets/htmega_tooltip.php#L620",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98e74a23-b586-4d6a-b1ab-78838b0eed61?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-406xx/CVE-2024-40649.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40649",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.063",
"lastModified": "2025-01-28T20:15:49.063",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

21
CVE-2024/CVE-2024-406xx/CVE-2024-40651.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40651",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.160",
"lastModified": "2025-01-28T20:15:49.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

21
CVE-2024/CVE-2024-406xx/CVE-2024-40669.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40669",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.250",
"lastModified": "2025-01-28T20:15:49.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

21
CVE-2024/CVE-2024-406xx/CVE-2024-40670.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40670",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.343",
"lastModified": "2025-01-28T20:15:49.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

25
CVE-2024/CVE-2024-406xx/CVE-2024-40672.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40672",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.433",
"lastModified": "2025-01-28T20:15:49.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

25
CVE-2024/CVE-2024-406xx/CVE-2024-40673.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40673",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.530",
"lastModified": "2025-01-28T20:15:49.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/libcore/+/b17fd2f8fe468e7d32e713b442f610cd33e4e7a9",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

25
CVE-2024/CVE-2024-406xx/CVE-2024-40674.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40674",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.620",
"lastModified": "2025-01-28T20:15:49.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/debc548ac085ba1ab0582172b97d965e9a1ea43a",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

25
CVE-2024/CVE-2024-406xx/CVE-2024-40675.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40675",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.710",
"lastModified": "2025-01-28T20:15:49.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/c6b5490ec659b5854fd429f453f75de5befa6359",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

25
CVE-2024/CVE-2024-406xx/CVE-2024-40676.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40676",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.800",
"lastModified": "2025-01-28T20:15:49.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e8a53246607b52b15269f97aef9ba7e928ba2473",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

25
CVE-2024/CVE-2024-406xx/CVE-2024-40677.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40677",
"sourceIdentifier": "security@android.com",
"published": "2025-01-28T20:15:49.890",
"lastModified": "2025-01-28T20:15:49.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"source": "security@android.com"
}
]
}

45
CVE-2024/CVE-2024-484xx/CVE-2024-48416.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48416",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:15.770",
"lastModified": "2025-01-27T17:15:15.770",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:49.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding."
},
{
"lang": "es",
"value": "Edimax AC1200 Wi-Fi 5 de doble banda router BR-6476AC 1.06 es vulnerable a un desbordamiento de b\u00fafer a trav\u00e9s de /goform/fromSetLanDhcpsClientbinding."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://edimax.com",

45
CVE-2024/CVE-2024-484xx/CVE-2024-48417.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48417",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:15.867",
"lastModified": "2025-01-27T17:15:15.867",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:50.143",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter."
},
{
"lang": "es",
"value": "Edimax AC1200 Wi-Fi 5 de doble banda router BR-6476AC 1.06 es vulnerable a Cross Site Scripting (XSS) en: /bin/goahead a trav\u00e9s de /goform/setStaticRoute, /goform/fromSetFilterUrlFilter y /goform/fromSetFilterClientFilter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://edimax.com",

45
CVE-2024/CVE-2024-484xx/CVE-2024-48418.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48418",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:15.960",
"lastModified": "2025-01-27T17:15:15.960",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:50.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands."
},
{
"lang": "es",
"value": "En Edimax AC1200 Wi-Fi 5 Dual-Band router BR-6476AC 1.06, la solicitud /goform/fromSetDDNS no gestiona correctamente los caracteres especiales en ninguno de los par\u00e1metros proporcionados por el usuario, lo que permite que un atacante con acceso a la interfaz web inyecte y ejecute comandos de shell arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://edimax.com",

45
CVE-2024/CVE-2024-484xx/CVE-2024-48419.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48419",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:16.053",
"lastModified": "2025-01-27T17:15:16.053",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:50.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with \"root\" privileges."
},
{
"lang": "es",
"value": "Edimax AC1200 Wi-Fi 5 Dual-Band router BR-6476AC 1.06 presenta problemas de inyecci\u00f3n de comandos en /bin/goahead. En concreto, estos problemas se pueden desencadenar a trav\u00e9s de /goform/tracerouteDiagnosis, /goform/pingDiagnosis y /goform/fromSysToolPingCmd. Cada uno de estos problemas permite que un atacante con acceso a la interfaz web inyecte y ejecute comandos de shell arbitrarios, con privilegios de \"superusuario\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://edimax.com",

45
CVE-2024/CVE-2024-484xx/CVE-2024-48420.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48420",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:16.153",
"lastModified": "2025-01-27T17:15:16.153",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:50.573",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic."
},
{
"lang": "es",
"value": "Edimax AC1200 Wi-Fi 5 de doble banda router BR-6476AC 1.06 es vulnerable a un desbordamiento de b\u00fafer a trav\u00e9s de /goform/getWifiBasic."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://edimax.com",

41
CVE-2024/CVE-2024-486xx/CVE-2024-48662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48662",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:08.843",
"lastModified": "2025-01-27T23:15:08.843",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:50.727",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/VuDuc09/vuln_research/tree/main/CVE-2024-48662",

96
CVE-2024/CVE-2024-48xx/CVE-2024-4875.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4875",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-21T09:15:09.103",
"lastModified": "2024-11-21T09:43:46.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:20:29.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,30 +39,78 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.5.3",
"matchCriteriaId": "9F8E02F4-4CC0-4308-ABF8-BBE1284D6154"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-51xx/CVE-2024-5173.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5173",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-26T02:15:09.340",
"lastModified": "2024-11-21T09:47:07.830",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:18:40.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.5.6",
"matchCriteriaId": "5D86A6BF-ECC5-44FA-8DF1-FF16B0310E93"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.5.3/includes/widgets/htmega_videoplayer.php#L549",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aac9569e-d33d-45b3-bd03-2e7f48536ae5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.5.3/includes/widgets/htmega_videoplayer.php#L549",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aac9569e-d33d-45b3-bd03-2e7f48536ae5?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

114
CVE-2024/CVE-2024-52xx/CVE-2024-5215.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5215",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-26T07:15:11.013",
"lastModified": "2024-11-21T09:47:12.033",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-28T19:17:56.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,57 +36,143 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.5.6",
"matchCriteriaId": "5D86A6BF-ECC5-44FA-8DF1-FF16B0310E93"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_user_login_form.php#L1961",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_user_register_form.php#L2910",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_videoplayer.php#L520",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3106524/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/ht-mega-for-elementor/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_user_login_form.php#L1961",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_user_register_form.php#L2910",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/includes/widgets/htmega_videoplayer.php#L520",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3106524/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/ht-mega-for-elementor/#developers",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-547xx/CVE-2024-54728.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54728",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:09.353",
"lastModified": "2025-01-27T23:15:09.353",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:50.873",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,46 @@
"value": "Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/xu-yanbo202000460009/00dacd7bfede713a0f052a531da4fabd",

45
CVE-2024/CVE-2024-552xx/CVE-2024-55228.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55228",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:16.633",
"lastModified": "2025-01-27T17:15:16.633",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.017",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en el m\u00f3dulo Producto de Dolibarr v21.0.0-beta permite a los atacantes ejecutar web scripts o HTMl arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro T\u00edtulo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768",

41
CVE-2024/CVE-2024-561xx/CVE-2024-56178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56178",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:09.480",
"lastModified": "2025-01-27T23:15:09.480",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.173",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://www.couchbase.com/alerts/",

41
CVE-2024/CVE-2024-563xx/CVE-2024-56316.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56316",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:09.607",
"lastModified": "2025-01-27T23:15:09.607",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.320",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316/",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56947.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56947",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.187",
"lastModified": "2025-01-27T19:15:16.187",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.500",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241208-BeautyCam/241208-BeautyCam.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56948.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56948",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.290",
"lastModified": "2025-01-27T19:15:16.290",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.650",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en KuGou Technology CO. LTD KuGou Music iOS v20.0.0 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241211-KuGouMusic/241211-KuGouMusic.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56949.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56949",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.383",
"lastModified": "2025-01-27T19:15:16.383",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.797",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241212-UniversitySearch/241212-UniversitySearch.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56950.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56950",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.480",
"lastModified": "2025-01-27T19:15:16.480",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:51.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241213-KuGouConcept/241213-KuGouConcept.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56951.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56951",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.583",
"lastModified": "2025-01-27T19:15:16.583",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.107",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241216-UUGameBooster/241216-UUGameBooster.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56952.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56952",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.697",
"lastModified": "2025-01-27T19:15:16.697",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.250",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en la aplicaci\u00f3n Baidu Lite (versi\u00f3n iOS) 6.40.0 de Beijing Baidu Netcom Science & Technology Co Ltd permite a los atacantes acceder a informaci\u00f3n del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241217-BaiduLite/241217-BaiduLite.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56953.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56953",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.823",
"lastModified": "2025-01-27T19:15:16.823",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Baidu (China) Co Ltd Baidu Input Method (versi\u00f3n iOS) v12.6.13 permite a los atacantes acceder a informaci\u00f3n del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241217-BaiduInput/241217-BaiduInput.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56954.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56954",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:16.933",
"lastModified": "2025-01-27T19:15:16.933",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241219-HaokanVideo/241219-HaokanVideo.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56955.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56955",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.040",
"lastModified": "2025-01-27T19:15:17.040",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.693",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en QQMail iOS 6.6.4 de Tencent Technology (Shenzhen) Company Limited permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241220-QQMail/241220-QQMail.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56957.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56957",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.147",
"lastModified": "2025-01-27T19:15:17.147",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.837",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241222-WPSOffice/241222-WPSOffice.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56959.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56959",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.247",
"lastModified": "2025-01-27T19:15:17.247",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:52.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241225-Anyihua/241225-Anyihua.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56960.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56960",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.347",
"lastModified": "2025-01-27T19:15:17.347",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:53.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241226-BeiKeHoldings/241226-BeiKeHoldings.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56962.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56962",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.447",
"lastModified": "2025-01-27T19:15:17.447",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:53.273",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241227-WeSing/241227-WeSing.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56963.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56963",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.547",
"lastModified": "2025-01-27T19:15:17.547",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:53.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241228-SogouInput/241228-SogouInput.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56964.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56964",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.647",
"lastModified": "2025-01-27T19:15:17.647",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:53.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241229-GuaziUsedCar/241229-GuaziUsedCar.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56965.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56965",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.747",
"lastModified": "2025-01-27T19:15:17.747",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:53.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241230-Shihuo/241230-Shihuo.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56966.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56966",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.850",
"lastModified": "2025-01-27T19:15:17.850",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:53.873",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/241231-QidianReader/241231-QidianReader.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56967.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56967",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:17.947",
"lastModified": "2025-01-27T19:15:17.947",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250103-PolyBuzz/250103-PolyBuzz.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56968.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56968",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:18.057",
"lastModified": "2025-01-27T19:15:18.057",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.157",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload."
},
{
"lang": "es",
"value": "Un problema en Govee Home iOS 6.5.01 de Shenzhen Intellirocks Tech Co. Ltd permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un payload manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250106-GoveeHome/250106-GoveeHome.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56969.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56969",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:18.157",
"lastModified": "2025-01-27T19:15:18.157",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250107-BeautyPlus/250107-BeautyPlus.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56971.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56971",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:18.260",
"lastModified": "2025-01-27T19:15:18.260",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250108-ShuqiNovel/250108-ShuqiNovel.pdf",

49
CVE-2024/CVE-2024-569xx/CVE-2024-56972.json
View File

@ -2,16 +2,59 @@
"id": "CVE-2024-56972",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T19:15:18.360",
"lastModified": "2025-01-27T19:15:18.360",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link."
},
{
"lang": "es",
"value": "Un problema en Midea Group Co., Ltd Midea Home iOS 9.3.12 permite a los atacantes acceder a informaci\u00f3n confidencial del usuario mediante el suministro de un enlace manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZhouZiyi1/Vuls/blob/main/250109-MideaHome/250109-MideaHome.pdf",

41
CVE-2024/CVE-2024-570xx/CVE-2024-57052.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57052",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:09.723",
"lastModified": "2025-01-27T23:15:09.723",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.727",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8",

45
CVE-2024/CVE-2024-572xx/CVE-2024-57272.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-57272",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T17:15:16.730",
"lastModified": "2025-01-27T17:15:16.730",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:54.870",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS)."
},
{
"lang": "es",
"value": "SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A y versiones anteriores es vulnerable a Cross Site Scripting (XSS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kklzzcun/Camera/blob/main/SecureSTATION%20%E5%AD%98%E5%9C%A8%E5%8F%8D%E5%B0%84%E5%BD%A2XSS%E6%BC%8F%E6%B4%9E.md",

41
CVE-2024/CVE-2024-573xx/CVE-2024-57373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57373",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:09.830",
"lastModified": "2025-01-27T23:15:09.830",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:55.040",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allows a remote attacker to execute arbitrary cod and obtain sensitive information."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/cypherdavy/CVE-2024-57373",

41
CVE-2024/CVE-2024-575xx/CVE-2024-57546.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57546",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:09.947",
"lastModified": "2025-01-27T23:15:09.947",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:55.203",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",

41
CVE-2024/CVE-2024-575xx/CVE-2024-57547.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57547",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:10.057",
"lastModified": "2025-01-27T23:15:10.057",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:55.367",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",

41
CVE-2024/CVE-2024-575xx/CVE-2024-57548.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57548",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-27T23:15:10.180",
"lastModified": "2025-01-27T23:15:10.180",
"vulnStatus": "Received",
"lastModified": "2025-01-28T20:15:55.547",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "CMSimple 5.16 allows the user to edit log.php file via print page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/h4ckr4v3n/afbb87b5a05f283dbee705709c2769eb",

Some files were not shown because too many files have changed in this diff Show More