From cf16e2f8c2060ab1a0cf549e81d57a759cd99f94 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 20 Oct 2024 10:03:18 +0000 Subject: [PATCH] Auto-Update: 2024-10-20T10:00:17.078428+00:00 --- CVE-2024/CVE-2024-101xx/CVE-2024-10193.json | 137 ++++++++++++++++++++ CVE-2024/CVE-2024-101xx/CVE-2024-10194.json | 137 ++++++++++++++++++++ CVE-2024/CVE-2024-101xx/CVE-2024-10195.json | 137 ++++++++++++++++++++ CVE-2024/CVE-2024-480xx/CVE-2024-48049.json | 56 ++++++++ CVE-2024/CVE-2024-492xx/CVE-2024-49286.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49323.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49324.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49326.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49327.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49328.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49329.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49330.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49331.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49332.json | 56 ++++++++ CVE-2024/CVE-2024-493xx/CVE-2024-49334.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49604.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49606.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49607.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49608.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49610.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49611.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49621.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49622.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49623.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49624.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49625.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49626.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49630.json | 56 ++++++++ CVE-2024/CVE-2024-496xx/CVE-2024-49631.json | 56 ++++++++ README.md | 35 ++++- _state.csv | 33 ++++- 31 files changed, 1927 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10193.json create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10194.json create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10195.json create mode 100644 CVE-2024/CVE-2024-480xx/CVE-2024-48049.json create mode 100644 CVE-2024/CVE-2024-492xx/CVE-2024-49286.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49323.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49324.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49326.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49327.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49328.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49329.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49330.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49331.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49332.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49334.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49604.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49606.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49607.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49608.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49610.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49611.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49621.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49622.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49623.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49624.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49625.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49626.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49630.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49631.json diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10193.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10193.json new file mode 100644 index 00000000000..4ee5aca10d6 --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10193.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-10193", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-20T08:15:02.300", + "lastModified": "2024-10-20T08:15:02.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280967", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280967", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.422811", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10194.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10194.json new file mode 100644 index 00000000000..20093441378 --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10194.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-10194", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-20T08:15:02.710", + "lastModified": "2024-10-20T08:15:02.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 8.3 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 6.5, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280968", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280968", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.422834", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10195.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10195.json new file mode 100644 index 00000000000..71152d97530 --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10195.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-10195", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-20T09:15:02.393", + "lastModified": "2024-10-20T09:15:02.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280969", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280969", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.422994", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48049.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48049.json new file mode 100644 index 00000000000..c3a7a116d94 --- /dev/null +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48049.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-48049", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:03.000", + "lastModified": "2024-10-20T08:15:03.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mighty-builder/wordpress-mighty-builder-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-492xx/CVE-2024-49286.json b/CVE-2024/CVE-2024-492xx/CVE-2024-49286.json new file mode 100644 index 00000000000..b382ff7408c --- /dev/null +++ b/CVE-2024/CVE-2024-492xx/CVE-2024-49286.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49286", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:03.233", + "lastModified": "2024-10-20T08:15:03.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV Events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through 3.2.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ssv-events/wordpress-ssv-events-plugin-3-2-7-local-file-inclusion-to-rce-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49323.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49323.json new file mode 100644 index 00000000000..756224baa5c --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49323.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49323", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:03.460", + "lastModified": "2024-10-20T08:15:03.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/all-in-one-slider/wordpress-all-in-one-slider-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49324.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49324.json new file mode 100644 index 00000000000..9aa34d9f28f --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49324.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49324", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:03.227", + "lastModified": "2024-10-20T09:15:03.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sovratec-case-management/wordpress-sovratec-case-management-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49326.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49326.json new file mode 100644 index 00000000000..8ae398e19ef --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49326.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49326", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:03.750", + "lastModified": "2024-10-20T09:15:03.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49327.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49327.json new file mode 100644 index 00000000000..39061300f38 --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49327.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49327", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:04.440", + "lastModified": "2024-10-20T09:15:04.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woostagram-connect/wordpress-woostagram-connect-plugin-1-0-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49328.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49328.json new file mode 100644 index 00000000000..62d7b5e71b2 --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49328.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49328", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:03.667", + "lastModified": "2024-10-20T08:15:03.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-plugin-1-0-0-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49329.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49329.json new file mode 100644 index 00000000000..bd393fdfab8 --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49329.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49329", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:04.860", + "lastModified": "2024-10-20T09:15:04.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49330.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49330.json new file mode 100644 index 00000000000..449b2cf44d8 --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49330.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49330", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:05.133", + "lastModified": "2024-10-20T09:15:05.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/nicebackgrounds/wordpress-nice-backgrounds-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49331.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49331.json new file mode 100644 index 00000000000..183b866eb8c --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49331.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49331", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:05.377", + "lastModified": "2024-10-20T09:15:05.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/plms/wordpress-property-lot-management-system-plugin-4-2-38-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49332.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49332.json new file mode 100644 index 00000000000..6d23dc331f4 --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49332.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49332", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:05.560", + "lastModified": "2024-10-20T09:15:05.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/giveaway-boost/wordpress-giveaway-boost-plugin-2-1-4-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49334.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49334.json new file mode 100644 index 00000000000..4fc4954fcdf --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49334.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49334", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:03.907", + "lastModified": "2024-10-20T08:15:03.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/jlayer-parallax-slider-wp/wordpress-jlayer-parallax-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json new file mode 100644 index 00000000000..ec8c89669ee --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49604", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:04.117", + "lastModified": "2024-10-20T08:15:04.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-registration/wordpress-simple-user-registration-plugin-5-5-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json new file mode 100644 index 00000000000..e41ce180177 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49606", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:04.323", + "lastModified": "2024-10-20T08:15:04.323", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/google-map-locations/wordpress-google-map-locations-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49607.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49607.json new file mode 100644 index 00000000000..82970169673 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49607.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49607", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:05.763", + "lastModified": "2024-10-20T09:15:05.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-dropbox-dropins/wordpress-wp-dropbox-dropins-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49608.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49608.json new file mode 100644 index 00000000000..0de74aa2f20 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49608.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49608", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:05.973", + "lastModified": "2024-10-20T09:15:05.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": ": Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/gerryworks-post-by-mail/wordpress-gerryworks-post-by-mail-plugin-1-0-privilege-escalation-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49610.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49610.json new file mode 100644 index 00000000000..12f1fcee20f --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49610.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49610", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:06.190", + "lastModified": "2024-10-20T09:15:06.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/photokit/wordpress-photokit-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json new file mode 100644 index 00000000000..5875db76464 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49611", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:04.523", + "lastModified": "2024-10-20T08:15:04.523", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/product-websites-showcase/wordpress-product-website-showcase-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49621.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49621.json new file mode 100644 index 00000000000..f4855053d5f --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49621.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49621", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:06.390", + "lastModified": "2024-10-20T09:15:06.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/apa-register-newsletter-form/wordpress-apa-register-newsletter-form-plugin-1-0-0-csrf-to-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49622.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49622.json new file mode 100644 index 00000000000..e2370b1527c --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49622.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49622", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:06.613", + "lastModified": "2024-10-20T09:15:06.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/apa-banner-slider/wordpress-apa-banner-slider-plugin-1-0-0-csrf-to-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49623.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49623.json new file mode 100644 index 00000000000..8570977a3c3 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49623.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49623", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:06.810", + "lastModified": "2024-10-20T09:15:06.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/duplicate-title-validate/wordpress-duplicate-title-validate-plugin-1-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49624.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49624.json new file mode 100644 index 00000000000..3f9ab90cf40 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49624.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49624", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:07.013", + "lastModified": "2024-10-20T09:15:07.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-advertising-system/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49625.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49625.json new file mode 100644 index 00000000000..34a9eb684a6 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49625.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49625", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T09:15:07.220", + "lastModified": "2024-10-20T09:15:07.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sitebuilder-dynamic-components/wordpress-sitebuilder-dynamic-components-plugin-1-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49626.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49626.json new file mode 100644 index 00000000000..efb17f731ca --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49626.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49626", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:04.730", + "lastModified": "2024-10-20T08:15:04.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/shipyaari-shipping-managment/wordpress-shipyaari-shipping-management-plugin-1-2-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49630.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49630.json new file mode 100644 index 00000000000..36affcecf73 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49630.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49630", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:04.933", + "lastModified": "2024-10-20T08:15:04.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-education/wordpress-wp-education-for-elementor-plugin-1-2-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49631.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49631.json new file mode 100644 index 00000000000..2dfd6baa198 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49631.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49631", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-20T08:15:05.130", + "lastModified": "2024-10-20T08:15:05.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/easy-addons-for-elementor/wordpress-easy-addons-for-elementor-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index aa9a8c1f980..38372f4e401 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-20T08:00:17.292542+00:00 +2024-10-20T10:00:17.078428+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-20T07:15:02.103000+00:00 +2024-10-20T09:15:07.220000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266184 +266213 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `29` -- [CVE-2024-10191](CVE-2024/CVE-2024-101xx/CVE-2024-10191.json) (`2024-10-20T06:15:02.413`) -- [CVE-2024-10192](CVE-2024/CVE-2024-101xx/CVE-2024-10192.json) (`2024-10-20T07:15:02.103`) +- [CVE-2024-49286](CVE-2024/CVE-2024-492xx/CVE-2024-49286.json) (`2024-10-20T08:15:03.233`) +- [CVE-2024-49323](CVE-2024/CVE-2024-493xx/CVE-2024-49323.json) (`2024-10-20T08:15:03.460`) +- [CVE-2024-49324](CVE-2024/CVE-2024-493xx/CVE-2024-49324.json) (`2024-10-20T09:15:03.227`) +- [CVE-2024-49326](CVE-2024/CVE-2024-493xx/CVE-2024-49326.json) (`2024-10-20T09:15:03.750`) +- [CVE-2024-49327](CVE-2024/CVE-2024-493xx/CVE-2024-49327.json) (`2024-10-20T09:15:04.440`) +- [CVE-2024-49328](CVE-2024/CVE-2024-493xx/CVE-2024-49328.json) (`2024-10-20T08:15:03.667`) +- [CVE-2024-49329](CVE-2024/CVE-2024-493xx/CVE-2024-49329.json) (`2024-10-20T09:15:04.860`) +- [CVE-2024-49330](CVE-2024/CVE-2024-493xx/CVE-2024-49330.json) (`2024-10-20T09:15:05.133`) +- [CVE-2024-49331](CVE-2024/CVE-2024-493xx/CVE-2024-49331.json) (`2024-10-20T09:15:05.377`) +- [CVE-2024-49332](CVE-2024/CVE-2024-493xx/CVE-2024-49332.json) (`2024-10-20T09:15:05.560`) +- [CVE-2024-49334](CVE-2024/CVE-2024-493xx/CVE-2024-49334.json) (`2024-10-20T08:15:03.907`) +- [CVE-2024-49604](CVE-2024/CVE-2024-496xx/CVE-2024-49604.json) (`2024-10-20T08:15:04.117`) +- [CVE-2024-49606](CVE-2024/CVE-2024-496xx/CVE-2024-49606.json) (`2024-10-20T08:15:04.323`) +- [CVE-2024-49607](CVE-2024/CVE-2024-496xx/CVE-2024-49607.json) (`2024-10-20T09:15:05.763`) +- [CVE-2024-49608](CVE-2024/CVE-2024-496xx/CVE-2024-49608.json) (`2024-10-20T09:15:05.973`) +- [CVE-2024-49610](CVE-2024/CVE-2024-496xx/CVE-2024-49610.json) (`2024-10-20T09:15:06.190`) +- [CVE-2024-49611](CVE-2024/CVE-2024-496xx/CVE-2024-49611.json) (`2024-10-20T08:15:04.523`) +- [CVE-2024-49621](CVE-2024/CVE-2024-496xx/CVE-2024-49621.json) (`2024-10-20T09:15:06.390`) +- [CVE-2024-49622](CVE-2024/CVE-2024-496xx/CVE-2024-49622.json) (`2024-10-20T09:15:06.613`) +- [CVE-2024-49623](CVE-2024/CVE-2024-496xx/CVE-2024-49623.json) (`2024-10-20T09:15:06.810`) +- [CVE-2024-49624](CVE-2024/CVE-2024-496xx/CVE-2024-49624.json) (`2024-10-20T09:15:07.013`) +- [CVE-2024-49625](CVE-2024/CVE-2024-496xx/CVE-2024-49625.json) (`2024-10-20T09:15:07.220`) +- [CVE-2024-49626](CVE-2024/CVE-2024-496xx/CVE-2024-49626.json) (`2024-10-20T08:15:04.730`) +- [CVE-2024-49630](CVE-2024/CVE-2024-496xx/CVE-2024-49630.json) (`2024-10-20T08:15:04.933`) +- [CVE-2024-49631](CVE-2024/CVE-2024-496xx/CVE-2024-49631.json) (`2024-10-20T08:15:05.130`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 0c6cddae623..eb93bae4e4c 100644 --- a/_state.csv +++ b/_state.csv @@ -242308,8 +242308,11 @@ CVE-2024-10171,0,0,60d7017912088a83451045313890efea0a3c4a8f38779b7c5b7680aa67b3f CVE-2024-10173,0,0,694065e426755de8442b8b1e2a83d2200f1796f2f77c0caced3c41944e1a6b83,2024-10-20T05:15:02.830000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 -CVE-2024-10191,1,1,0d543e8a82bc8c79a47d9712105c05a38228b23d0440b597d65516663ce860f2,2024-10-20T06:15:02.413000 -CVE-2024-10192,1,1,9f3a26656d3a0aa5ee219d066ee638d49fb09c17860b4f18ed9a6f860568e3c9,2024-10-20T07:15:02.103000 +CVE-2024-10191,0,0,0d543e8a82bc8c79a47d9712105c05a38228b23d0440b597d65516663ce860f2,2024-10-20T06:15:02.413000 +CVE-2024-10192,0,0,9f3a26656d3a0aa5ee219d066ee638d49fb09c17860b4f18ed9a6f860568e3c9,2024-10-20T07:15:02.103000 +CVE-2024-10193,1,1,b93daf4f357fcb75b4b37e60362b781cc35ddbaaea37fe390b0a2133c2aa00aa,2024-10-20T08:15:02.300000 +CVE-2024-10194,1,1,01d2cafbf34c62e6f1147d9592057704a8ba426a02b5123a102e0bc34f4d9f79,2024-10-20T08:15:02.710000 +CVE-2024-10195,1,1,ed593f10b27233229e70d7006e552e63b4bf846b117fb3ae7173871eb91ce5c3,2024-10-20T09:15:02.393000 CVE-2024-1020,0,0,d848db5207b830f092dac5463c394c0f65f6423556f55d15e70d177c797c2de1,2024-05-17T02:35:10.867000 CVE-2024-1021,0,0,89180a6ed9705fc79d8d8a15633a1cfe9e27adac2a4a623501249d49427826d0,2024-05-17T02:35:10.970000 CVE-2024-1022,0,0,f42eaa1b302319f7e3148377e0522c31bf6c16d407215c446c1d3f1b55b4debd,2024-05-17T02:35:11.070000 @@ -262165,6 +262168,7 @@ CVE-2024-48043,0,0,d7022e96ce1ce67c4f59e004a095bf6b87f052300567a30fb9f9fb2d5938d CVE-2024-48046,0,0,423091e4b5e8d6a105e8bdc778f5cf951b1df2d4a2635710b325a5130f1d15ea,2024-10-18T12:52:33.507000 CVE-2024-48047,0,0,3283398b8a8a75e7e31eaa0ac97fe84164a0704ec4cafc99d8da73b654c081f8,2024-10-18T12:52:33.507000 CVE-2024-48048,0,0,eca0ce0d3598806c22101f7f6a854102f0b0e3e7ffa812170ec79d143adac13e,2024-10-18T12:52:33.507000 +CVE-2024-48049,1,1,c6cef7042c3715849b7db8cf2901ac7f2456fb67bd07d6a07453176e6135ff84,2024-10-20T08:15:03 CVE-2024-4805,0,0,a2ff69b1db9dd7c01e8bcdbe532fffb4f68853ea688982e077b1b01529f57c85,2024-06-04T19:20:50.553000 CVE-2024-4806,0,0,f8a0e203429c4f99450a15aa6a4b26ee8c7effa68e79948138bc0eccf2af8e7f,2024-06-04T19:20:50.670000 CVE-2024-4807,0,0,e5ccc41d46958232939be978f4766518ab72a806619364a653b00c23b63fbc68,2024-06-04T19:20:50.770000 @@ -262431,6 +262435,7 @@ CVE-2024-49282,0,0,3a6f5cd82ec68a1bfbe1f4f156ef6268706ea2c2772c6f37ca60ccaad2879 CVE-2024-49283,0,0,261a1f8cfe011441b757e2549150d49caf0cbd82863bcb1702fead1f8711ada8,2024-10-18T12:52:33.507000 CVE-2024-49284,0,0,bec1f0da1bcb0850e4841345e95550bca16d99530b59e5207d183ff1f4e1c3e0,2024-10-18T12:52:33.507000 CVE-2024-49285,0,0,6f46c329c3d1526d526943e0333d6d72992c68afd2913a4ef362b73e606f2e17,2024-10-18T12:52:33.507000 +CVE-2024-49286,1,1,afd3215a4f6eb26b8efcaa632ef4959bc1f464dea27447d4b8933cf82ca9222b,2024-10-20T08:15:03.233000 CVE-2024-49287,0,0,0066d2fce1ed85532c90a9906dc911278ca46d873038b8dcfb2d0c4b3b95c685,2024-10-18T12:52:33.507000 CVE-2024-49288,0,0,9794858fdab905561c3b5d43269f1d3f1bacba7fba1bb0436d9d456534b0053f,2024-10-18T12:52:33.507000 CVE-2024-49289,0,0,1007ec713acd15fdb5c2262f73a22207aad725968297cd9b79b0f4fcd3d741cb,2024-10-18T12:52:33.507000 @@ -262464,7 +262469,17 @@ CVE-2024-49319,0,0,42677cde087b60b4589de437a49f5349c2181024ba44b1ead05df0b607435 CVE-2024-4932,0,0,c4279e0e81804cf3f06e3c52edfd706c295877ccc3771ef54ad83261fb500b37,2024-05-17T02:40:43.357000 CVE-2024-49320,0,0,f646a0aed9b94f9c2a4b6085270ae6d0667dce332670da7784078783e12bfcb6,2024-10-18T12:52:33.507000 CVE-2024-49322,0,0,541e4efebd0d76588052862000e37b2e98e8b9ac15619c2b0422f26ed3288fd3,2024-10-18T12:52:33.507000 +CVE-2024-49323,1,1,a0c9fe1ee25043a5c6ce05b64b3da5b674bffb891728ab885f2c49640cf68957,2024-10-20T08:15:03.460000 +CVE-2024-49324,1,1,cc2f963c5f422ee0027ce69cf8bf6eafe929476dcf60ea9a2e07206d47bfbab4,2024-10-20T09:15:03.227000 +CVE-2024-49326,1,1,d7908215e9d2214195d5bc633c5438a600bd9c43bad62020f15072425e6fcc81,2024-10-20T09:15:03.750000 +CVE-2024-49327,1,1,e41bb1c667eb48938a61682c1c37a793df0b5de0b414fa2a241672410499ff91,2024-10-20T09:15:04.440000 +CVE-2024-49328,1,1,0d6ecb7d5c6fcb51275a237ec2f39deaca4172d76585df39c61a1b0c61d9109a,2024-10-20T08:15:03.667000 +CVE-2024-49329,1,1,59670216a09b4738ba946011f66a4c6a99a3913bbd36d8936b66a62208466f47,2024-10-20T09:15:04.860000 CVE-2024-4933,0,0,4d4c0ec531cab6a4561c767f5a9082d29f26ceefaadcc74bb08507bf05ca5d17,2024-06-04T19:20:54.643000 +CVE-2024-49330,1,1,4a14d60e6487eed0a0e509e68520c01a154c90f737f6d3f17ca17d212bc1005a,2024-10-20T09:15:05.133000 +CVE-2024-49331,1,1,8315190692b66bdd9dc06750b13ee16e7d7ed6ee7975da2ee77eecdc1b9ec128,2024-10-20T09:15:05.377000 +CVE-2024-49332,1,1,b946a62d8dd58f6ed9eeec4e464b268cf9dc10e8958bc966734228931575c636,2024-10-20T09:15:05.560000 +CVE-2024-49334,1,1,593a46afaef51690e8b3758fb4bd27c91fe210e50d585ffc4f5027ebabcfb2a7,2024-10-20T08:15:03.907000 CVE-2024-4934,0,0,fd5d4b9709dde517f56a9aae7369c165c45ceba9bcf88bee680213c2fc56b62f,2024-08-01T13:59:37.220000 CVE-2024-49340,0,0,37285f025630fd9eb79c4269f84ef859e190bfac2e34728b5f3d3dbad2273eb0,2024-10-16T16:38:14.557000 CVE-2024-4936,0,0,51b2c41822c3ce01e84bd55c02328ac3499013d52d632d2af56d406c35d5a658,2024-08-06T18:29:27.013000 @@ -262504,9 +262519,23 @@ CVE-2024-49580,0,0,2a4b2f9ee960712197ef0f3776cc1a15f015ed4f9adbe3a24755a9ff67152 CVE-2024-4959,0,0,862ee7700763d202e5d5dada80050e48cca3b83d56a63673f2017bcf5adb7503,2024-07-03T02:08:22.750000 CVE-2024-49593,0,0,28b8568333d09b89b040a623f287dcf302e51d7008368ee150b7fde946577e54,2024-10-18T12:53:04.627000 CVE-2024-4960,0,0,1e2962fabc78c9680506fb58bfd339ee733c096965130a77b4df6d334c6fc642,2024-08-01T21:15:53.753000 +CVE-2024-49604,1,1,b40933b0080b8f014da1d2708b99a9bd5694c1bc5fb401c2b9cc2bcd9eb9aabe,2024-10-20T08:15:04.117000 +CVE-2024-49606,1,1,970c4f813628b1c92dfe10abaccfba5e5bb9dcacf698b41a73eab726e1985769,2024-10-20T08:15:04.323000 +CVE-2024-49607,1,1,394d1823ee45ac19dcec09bf4d66a301e3354aa44e2c061cc1cf9d5564aabd0c,2024-10-20T09:15:05.763000 +CVE-2024-49608,1,1,5703481f68249d421fa1894222a1c8fdcb1148e41f290d4834fe8cacc7c5c9f2,2024-10-20T09:15:05.973000 CVE-2024-4961,0,0,fcb73b246c680abaae254870453939d7dbf5d8c46c3dbb2f7ab747d994c3a111,2024-08-01T21:15:53.893000 +CVE-2024-49610,1,1,b101be7ee593fa54887871bddc9d836a4ce7e6f96fc62bf46db38e2c2511cac7,2024-10-20T09:15:06.190000 +CVE-2024-49611,1,1,c4b41ef91e7d543f2fac2d2d92091ee29cb741f381295d71e0c877c5c7190fbe,2024-10-20T08:15:04.523000 CVE-2024-4962,0,0,b9e851b58a3c7e382510249caa4fcb1d6185432495cf3586b8784f0d9e4becfd,2024-08-01T21:15:54 +CVE-2024-49621,1,1,31c5fc383c2bcd92c8016fc1e37275b190c35f48a40db581601ab773f1a0cc51,2024-10-20T09:15:06.390000 +CVE-2024-49622,1,1,bc572e3dd5a73f77b49c87edadcb0ac0fb6fabc75afd5e88d295cad9a4c6127f,2024-10-20T09:15:06.613000 +CVE-2024-49623,1,1,f6c67fa2af542014e989cfcfe48235a26dcefd0e335430c5b37d90bf937998d5,2024-10-20T09:15:06.810000 +CVE-2024-49624,1,1,8847baeee1605f47537944445db3a53a137bb62a458b2490652be0df62649a76,2024-10-20T09:15:07.013000 +CVE-2024-49625,1,1,b834beffa72f84e4ed52feffb817767630e94087ee1dc7bde031b748f614fba0,2024-10-20T09:15:07.220000 +CVE-2024-49626,1,1,8eec36db163acf17703deb452e38c37d7800102b1591ba9946f04fb09303b66d,2024-10-20T08:15:04.730000 CVE-2024-4963,0,0,ef1fba35c0790604656a5e5622c9c7f4af0f1d1414e5784cd7a21207910d8397,2024-08-01T21:15:54.113000 +CVE-2024-49630,1,1,c6691254deb15688d63a82ac964df1c02ee7fab215e1972b2aba0fd7a14bf009,2024-10-20T08:15:04.933000 +CVE-2024-49631,1,1,8a93e4c32c1333afdbac1599269c1679d369ac64b691a32e25df596e3de86d58,2024-10-20T08:15:05.130000 CVE-2024-4964,0,0,786ceb95d48675f478c0edd25187f0304d39eb81096edb79d2e9ae0401f68be3,2024-08-01T21:15:54.223000 CVE-2024-4965,0,0,5bd9bf33c1ad1b27237ab2761363d4d9817c8f50155c84d844f98b12772718a0,2024-08-08T15:15:18.730000 CVE-2024-4966,0,0,ca96dc16e6a41cb4de3af3c10d7787996b0688fd8eb0522e09efb3ad5052b418,2024-05-17T02:40:44.507000