Auto-Update: 2024-02-06T17:00:38.413558+00:00

cad-safe-bot 2024-02-06 17:00:42 +00:00
parent 8b0541f095
commit d0bb9a5291
39 changed files with 1930 additions and 118 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2023-35188",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-06T16:15:51.140",
"lastModified": "2024-02-06T16:15:51.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm",
"source": "psirt@solarwinds.com"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35188",
"source": "psirt@solarwinds.com"
}
]
}
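Review bot: The `descriptions[0].value` string in this new record begins with a literal `\n`, so a consumer that renders or indexes the text verbatim gets a leading blank line; the CVE-2023-50395 record added later in this commit has the same leading `\n` and also lacks its final period. If this mirror is meant to stay byte-faithful to the upstream feed, the value should stay as it is and consumers should trim whitespace before display or matching; otherwise the fix is to drop the leading `\n` from the value. Separately, the vendor vector is `AV:A` while the description states only that authentication is required, so triage should confirm reachability against the linked SolarWinds advisory rather than down-ranking on `attackVector` alone.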


@ -0,0 +1,59 @@
{
"id": "CVE-2023-46183",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-06T16:15:51.370",
"lastModified": "2024-02-06T16:15:51.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269695",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7114982",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49038",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-29T21:15:08.620",
"lastModified": "2024-01-30T14:18:33.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T16:35:06.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "La inyecci\u00f3n de comandos en la utilidad ping en Buffalo LS210D 1.78-0.03 permite a un atacante remoto autenticado inyectar comandos arbitrarios en el NAS como root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:buffalo:ls210d_firmware:1.78-0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE4F37A-F2E5-45F4-A10C-CB92F4C9EF08"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:buffalo:ls210d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9960AF04-5AF3-408D-828C-FBDE6169C539"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/christopher-pace/CVE-2023-49038",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
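Review bot: The new NVD vector sets `privilegesRequired` to `HIGH`, while the description visible in this section says only that the attacker is remote and authenticated ("atacante remoto autenticado"); if a non-administrative account can reach the ping utility, `PR:L` would apply and the base score would be 8.8 rather than 7.2. That cannot be settled from the record itself, so it is worth checking against the referenced advisory before the score is used for prioritisation. The added `cpeMatch` lists only firmware `1.78-0.03`, so an inventory entry on any other build will not match, and the same change tags the GitHub reference as `Exploit`. The record's opening lines lie outside the first hunk.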


@ -0,0 +1,59 @@
{
"id": "CVE-2023-50395",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-02-06T16:15:51.573",
"lastModified": "2024-02-06T16:15:51.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nSQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm",
"source": "psirt@solarwinds.com"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395",
"source": "psirt@solarwinds.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-52191",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-01T10:15:09.700",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T16:58:26.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Torbjon Infogram \u2013 Add charts, maps and infographics allows Stored XSS.This issue affects Infogram \u2013 Add charts, maps and infographics: from n/a through 1.6.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Torbjon Infogram \u2013 Add charts, maps and infographics permite XSS almacenado. Este problema afecta a Infogram \u2013 Add charts, maps and infographics: desde n/a hasta 1.6. 1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:torbjon:infogram:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "E029EFBF-F440-46A1-981B-4E70EE5B8E25"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/infogram/wordpress-infogram-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
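Review bot: The added Spanish description ends with the version written as `1.6. 1.`, which disagrees with `1.6.1` in the English text and in `versionEndIncluding`; the intended ending is `desde n/a hasta 1.6.1.`. The same string reads `durante de generación` where the CVE-2024-22146 and CVE-2024-22153 records in this commit read `durante la generación`; that wording slip recurs in the `es` descriptions added for CVE-2024-22150, CVE-2024-22158, CVE-2024-22282, CVE-2024-22286 and CVE-2024-22289. Tooling that extracts affected versions from description text should rely on the `configurations` block, which carries the correct value here.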


@ -0,0 +1,15 @@
{
"id": "CVE-2023-5584",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-06T15:15:08.247",
"lastModified": "2024-02-06T15:15:08.247",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: We have rejected this CVE as it was determined a non-security issue by the vendor."
}
],
"metrics": {},
"references": []
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6291",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-26T15:15:08.280",
"lastModified": "2024-02-04T20:15:46.173",
"vulnStatus": "Modified",
"lastModified": "2024-02-06T16:09:02.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,7 +21,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -29,12 +29,12 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
"impactScore": 3.7
},
{
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-6679",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-11T19:15:09.440",
"lastModified": "2024-02-06T05:15:10.020",
"lastModified": "2024-02-06T15:15:08.397",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]


@ -2,7 +2,7 @@
"id": "CVE-2023-6915",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-15T10:15:26.627",
"lastModified": "2024-01-31T12:16:04.157",
"lastModified": "2024-02-06T15:15:08.610",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,8 +41,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
@ -50,10 +50,10 @@
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0911",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-02-06T15:15:08.827",
"lastModified": "2024-02-06T15:15:08.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0911",
"source": "patrick@puiterwijk.org"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399",
"source": "patrick@puiterwijk.org"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-1251",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T16:15:51.793",
"lastModified": "2024-02-06T16:15:51.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/rockersiyuan/CVE/blob/main/TongDa%20Sql%20inject.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252990",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252990",
"source": "cna@vuldb.com"
}
]
}
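Review bot: The description calls this issue "critical" and says the exploit has been disclosed publicly, yet the only metrics in the record are `Secondary` scores from the CNA with `baseSeverity` `MEDIUM` (5.5 under v3.1, 5.2 under v2) and an adjacent-network vector. Prioritisation driven by `baseSeverity` alone will therefore rank the record lower than its text suggests. While `vulnStatus` is `Received` and no `Primary` assessment exists, consumers should treat the score as provisional and also key on the `CWE-89` classification and the public-disclosure statement. None of the three references carries `tags` yet, so a filter on the `Exploit` tag will not surface this record.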


@ -2,16 +2,40 @@
"id": "CVE-2024-22146",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T19:15:08.820",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:51:01.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Magazine3 Schema & Structured Data for WP & AMP permite XSS almacenado. Este problema afecta a Schema & Structured Data for WP & AMP: desde n/a hasta 1.25."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magazine3:schema_\\&_structured_data_for_wp_\\&_amp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.25",
"matchCriteriaId": "2D561161-6D83-49C8-8323-BE6A7FBEB565"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22150",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T19:15:09.013",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:42:52.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en PWR Plugins Portfolio & Image Gallery para WordPress | PowerFolio permite XSS almacenado. Este problema afecta a Portfolio & Image Gallery para WordPress | PowerFolio: desde n/a hasta 3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pwrplugins:powerfolio:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "E9ADCA69-47B9-4F97-B514-0E67CB790A66"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/portfolio-elementor/wordpress-powerfolio-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22153",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T19:15:09.270",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T15:43:49.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Fahad Mahmood & Alexandre Faustino Stock Locations para WooCommerce permite XSS almacenado. Este problema afecta a Stock Locations para WooCommerce: desde n/a hasta 2.5.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fahadmahmood8:stock_locations_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.0",
"matchCriteriaId": "C8E3E37C-88B7-4E07-86B0-7CBEF8A9D007"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stock-locations-for-woocommerce/wordpress-stock-locations-for-woocommerce-plugin-2-5-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
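Review bot: The added `cpeMatch` bounds the range with `"versionEndExcluding": "2.6.0"`, whereas the description says the issue affects versions "through 2.5.9" and the sibling Patchstack records in this commit express the same kind of statement with `versionEndIncluding`. The two forms differ for any release numbered between 2.5.9 and 2.6.0, which a range-based scanner would report as vulnerable here. If 2.6.0 is not confirmed as the first fixed release, `"versionEndIncluding": "2.5.9"` would match the description exactly; that cannot be verified from this page.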


@ -2,16 +2,40 @@
"id": "CVE-2024-22158",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T19:15:09.470",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:25:24.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles permite XSS almacenado. Este problema afecta a Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: desde n/a antes de 6.3.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:peepso:peepso:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.3.1.0",
"matchCriteriaId": "ECA12CC3-0411-469A-AF91-9366DB139284"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/peepso-photos/wordpress-peepso-photos-add-on-plugin-6-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
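Review bot: The added CPE `cpe:2.3:a:peepso:peepso` and the description both name the core "Community by PeepSo" plugin, but the only reference URL is the Patchstack entry whose slug reads `peepso-photos` and `peepso-photos-add-on-plugin-6-3-1-0`. If the affected component is the Photos add-on rather than the core plugin, CPE-based matching will flag sites running only the core plugin and will not identify installs by the add-on's own version. The record gives no way to resolve this, so the product mapping should be checked against the referenced advisory before the `versionEndExcluding` value of `6.3.1.0` is relied on.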


@ -2,16 +2,40 @@
"id": "CVE-2024-22159",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T19:15:09.650",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:37:01.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS.This issue affects WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional permite XSS reflejado. Este problema afecta a WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional: desde n/a hasta 1.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.8",
"matchCriteriaId": "0F354D3C-B26C-4866-92D1-DE33AE6D8732"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22282",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:48.423",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T16:55:19.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.This issue affects SimpleMap Store Locator: from n/a through 2.6.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Michael Torbert SimpleMap Store Locator permite XSS reflejado. Este problema afecta a SimpleMap Store Locator: desde n/a hasta 2.6.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplemap-plugin:simplemap_store_locator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.1",
"matchCriteriaId": "4DBDD7B6-8025-4661-A989-4CECD3B9D288"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simplemap/wordpress-simplemap-store-locator-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22286",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:48.663",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:08:36.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus \u2013 Before & After Image Slider FREE allows Reflected XSS.This issue affects BA Plus \u2013 Before & After Image Slider FREE: from n/a through 1.0.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aluka BA Plus \u2013 Before & After Image Slider FREE permite XSS reflejado. Este problema afecta a BA Plus \u2013 Before & After Image Slider FREE: desde n/a hasta 1.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aluka:ba_plus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "3AF2463C-B445-46C3-8781-17B475FD56A9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ba-plus-before-after-image-slider-free/wordpress-ba-plus-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22289",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:48.863",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:15:04.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS.This issue affects Post views Stats: from n/a through 1.3.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en cybernetikz Post views Stats permiten XSS reflejado. Este problema afecta a Post views Stats: desde n/a hasta 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cybernetikz:post_views_stats:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3",
"matchCriteriaId": "168B4545-E28B-4DF8-B5D0-1B846D58933B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-views-stats/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22292",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:49.053",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:23:23.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.2.8.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Delower WP To Do permite XSS almacenado. Este problema afecta a WP To Do: desde n/a hasta 1.2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:delower:wp_to_do:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.8",
"matchCriteriaId": "9F8E9731-5ED1-47A1-8842-9E2C3C5B7277"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22293",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:49.250",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:44:56.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Andrea Tarantini BP Profile Search permite XSS reflejado. Este problema afecta a BP Profile Search: desde n/a hasta 5.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dontdream:bp_profile_search:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.5",
"matchCriteriaId": "5C5BF536-8E69-424D-BC6A-87A35064406B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bp-profile-search/wordpress-bp-profile-search-plugin-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22295",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:49.443",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:49:30.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en RoboSoft Photo Gallery, Images, Slider en Rbs Image Gallery permite XSS almacenado. Este problema afecta a Photo Gallery, Images y Slider en Rbs Image Gallery: desde n/ a hasta 3.2.17."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robogallery:robo_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.17",
"matchCriteriaId": "29B1FD90-1044-4572-A252-04C020312665"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
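Review bot: The `cpeMatch` entry in the CVE-2024-22295 configurations block uses `"versionEndExcluding": "3.2.17"`, but the description in the same record says the issue affects the plugin "from n/a through 3.2.17", so the range as written leaves 3.2.17 itself unmatched. The sibling records in this commit use `versionEndIncluding` for the same "through X" wording. If the description is correct, the line should read `"versionEndIncluding": "3.2.17"`. Because this file mirrors NVD, the correction belongs upstream; until then, scanners that match on CPE ranges alone may under-report installs running 3.2.17.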


@ -2,16 +2,40 @@
"id": "CVE-2024-22297",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T18:15:49.627",
"lastModified": "2024-01-31T19:54:43.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T15:38:07.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Codeboxr CBX Map para Google Map y OpenStreetMap permite XSS almacenado. Este problema afecta a CBX Map para Google Map y OpenStreetMap: desde n/a hasta 1.1.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeboxr:cbx_map:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.11",
"matchCriteriaId": "CDADD17B-CAB4-427A-BBAC-480B75E27270"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22302",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T17:15:34.247",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T15:03:44.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ignazio Scimone Albo Pretorio On line permite XSS almacenado. Este problema afecta a Albo Pretorio On line: desde n/a hasta 4.6.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:albo_pretorio_on_line_project:albo_pretorio_on_line:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.6",
"matchCriteriaId": "78A016F4-8BA6-4855-9C13-13D9B5A5F132"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22307",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T17:15:36.710",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T15:52:58.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Lab WP-Lister Lite para eBay permite XSS reflejado. Este problema afecta a WP-Lister Lite para eBay: desde n/a hasta 3.5.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wplab:wp-lister_lite_for_ebay:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5.7",
"matchCriteriaId": "F704E8AF-694F-4B2D-884D-83308B5F5D18"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22310",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T17:15:38.113",
"lastModified": "2024-01-31T19:54:51.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T16:08:42.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.7.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Formzu Inc. Formzu WP permite XSS almacenado. Este problema afecta a Formzu WP: desde n/a hasta 1.6.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:formzu:formzu_wp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.7",
"matchCriteriaId": "24EF936C-2730-4281-BD95-D02CC98C9AB5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-22859",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-01T07:15:08.793",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T16:29:48.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en livewire anterior a v3.0.4, permite a atacantes remotos ejecutar c\u00f3digo arbitrario en la funci\u00f3n getCsrfToken."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.4",
"matchCriteriaId": "E69D02F4-9773-421F-AF91-21CC5069FD1E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/livewire/livewire/commit/5d887316f2aaf83c0e380ac5e72766f19700fa3b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}
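Review bot: The CPE criteria in the CVE-2024-22859 configurations block, `cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*`, sets target_sw to `wordpress`, although the description and the patch reference (github.com/livewire/livewire) mention no WordPress plugin; this looks like a carry-over from the neighbouring Patchstack entries. Inventory tools that filter on target_sw may fail to match real livewire deployments, so the value is worth confirming upstream (presumably `*`). Separately, this section shows both a populated `"metrics"` object and `"metrics": {}`; the rendered page has lost its +/- markers, so the empty one is presumably the removed line, but the resulting file should be checked to contain a single `metrics` key, since duplicate keys parse differently across JSON consumers.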


@ -0,0 +1,67 @@
{
"id": "CVE-2024-23344",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-06T16:15:52.120",
"lastModified": "2024-02-06T16:15:52.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=35862",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23841",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T18:15:48.313",
"lastModified": "2024-01-30T20:48:58.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T15:20:17.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later."
},
{
"lang": "es",
"value": "apollo-client-nextjs es el soporte del cliente Apollo para el enrutador de aplicaciones Next.js. El paquete NPM @apollo/experimental-apollo-client-nextjs es afectado por una vulnerabilidad de cross site scripting. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda inyectar informaci\u00f3n maliciosa (por ejemplo, redirigiendo a un usuario a un enlace manipulado espec\u00edficamente) o hacer arreglos para que un servidor GraphQL devuelva la informaci\u00f3n maliciosa (por ejemplo, persisti\u00e9ndola en una base de datos). Para solucionar este problema, actualice a la versi\u00f3n 0.7.0 o posterior."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apollographql:apollo_client:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "0.7.0",
"matchCriteriaId": "B087C2A8-7ACE-448A-9BC0-F2C5BEA8C1B2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-24000",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.317",
"lastModified": "2024-02-06T16:15:52.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24000.txt",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/jishenghua/jshERP",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-24013",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.363",
"lastModified": "2024-02-06T16:15:52.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/201206030/novel-plus",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24013.txt",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-24015",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.410",
"lastModified": "2024-02-06T16:15:52.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/201206030/novel-plus",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24015.txt",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24291",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T16:15:52.460",
"lastModified": "2024-02-06T16:15:52.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/wgd0ay/wgd0ay/issues/I8WSD1",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24590",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.100",
"lastModified": "2024-02-06T15:15:09.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24591",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.367",
"lastModified": "2024-02-06T15:15:09.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in version 1.4.0 or newer of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24592",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.730",
"lastModified": "2024-02-06T15:15:09.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Lack of authentication in all versions of the fileserver component of Allegro AI\u2019s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24593",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:09.977",
"lastModified": "2024-02-06T15:15:09.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI\u2019s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-24594",
"sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"published": "2024-02-06T15:15:10.203",
"lastModified": "2024-02-06T15:15:10.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI\u2019s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-06T15:00:56.371292+00:00
2024-02-06T17:00:38.413558+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-06T14:57:33.760000+00:00
2024-02-06T16:58:26.023000+00:00
```
### Last Data Feed Release
@ -29,44 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237767
237783
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `16`
* [CVE-2023-5584](CVE-2023/CVE-2023-55xx/CVE-2023-5584.json) (`2024-02-06T15:15:08.247`)
* [CVE-2023-35188](CVE-2023/CVE-2023-351xx/CVE-2023-35188.json) (`2024-02-06T16:15:51.140`)
* [CVE-2023-46183](CVE-2023/CVE-2023-461xx/CVE-2023-46183.json) (`2024-02-06T16:15:51.370`)
* [CVE-2023-50395](CVE-2023/CVE-2023-503xx/CVE-2023-50395.json) (`2024-02-06T16:15:51.573`)
* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T15:15:08.827`)
* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T15:15:09.100`)
* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T15:15:09.367`)
* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T15:15:09.730`)
* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T15:15:09.977`)
* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T15:15:10.203`)
* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T16:15:51.793`)
* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T16:15:52.120`)
* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T16:15:52.317`)
* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T16:15:52.363`)
* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T16:15:52.410`)
* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T16:15:52.460`)
### CVEs modified in the last Commit
Recently modified CVEs: `92`
Recently modified CVEs: `22`
* [CVE-2024-20823](CVE-2024/CVE-2024-208xx/CVE-2024-20823.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-20824](CVE-2024/CVE-2024-208xx/CVE-2024-20824.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-20825](CVE-2024/CVE-2024-208xx/CVE-2024-20825.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-20826](CVE-2024/CVE-2024-208xx/CVE-2024-20826.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-20827](CVE-2024/CVE-2024-208xx/CVE-2024-20827.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-20828](CVE-2024/CVE-2024-208xx/CVE-2024-20828.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24808](CVE-2024/CVE-2024-248xx/CVE-2024-24808.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-23304](CVE-2024/CVE-2024-233xx/CVE-2024-23304.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-22433](CVE-2024/CVE-2024-224xx/CVE-2024-22433.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-22365](CVE-2024/CVE-2024-223xx/CVE-2024-22365.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-0684](CVE-2024/CVE-2024-06xx/CVE-2024-0684.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-25140](CVE-2024/CVE-2024-251xx/CVE-2024-25140.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-23917](CVE-2024/CVE-2024-239xx/CVE-2024-23917.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24936](CVE-2024/CVE-2024-249xx/CVE-2024-24936.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24937](CVE-2024/CVE-2024-249xx/CVE-2024-24937.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24938](CVE-2024/CVE-2024-249xx/CVE-2024-24938.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24939](CVE-2024/CVE-2024-249xx/CVE-2024-24939.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24940](CVE-2024/CVE-2024-249xx/CVE-2024-24940.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24941](CVE-2024/CVE-2024-249xx/CVE-2024-24941.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24942](CVE-2024/CVE-2024-249xx/CVE-2024-24942.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-24943](CVE-2024/CVE-2024-249xx/CVE-2024-24943.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-0690](CVE-2024/CVE-2024-06xx/CVE-2024-0690.json) (`2024-02-06T13:53:38.513`)
* [CVE-2024-23673](CVE-2024/CVE-2024-236xx/CVE-2024-23673.json) (`2024-02-06T14:15:55.190`)
* [CVE-2024-22162](CVE-2024/CVE-2024-221xx/CVE-2024-22162.json) (`2024-02-06T14:46:24.473`)
* [CVE-2024-22163](CVE-2024/CVE-2024-221xx/CVE-2024-22163.json) (`2024-02-06T14:57:33.760`)
* [CVE-2023-6679](CVE-2023/CVE-2023-66xx/CVE-2023-6679.json) (`2024-02-06T15:15:08.397`)
* [CVE-2023-6915](CVE-2023/CVE-2023-69xx/CVE-2023-6915.json) (`2024-02-06T15:15:08.610`)
* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-02-06T16:09:02.867`)
* [CVE-2023-49038](CVE-2023/CVE-2023-490xx/CVE-2023-49038.json) (`2024-02-06T16:35:06.483`)
* [CVE-2023-52191](CVE-2023/CVE-2023-521xx/CVE-2023-52191.json) (`2024-02-06T16:58:26.023`)
* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-02-06T15:03:44.550`)
* [CVE-2024-22286](CVE-2024/CVE-2024-222xx/CVE-2024-22286.json) (`2024-02-06T15:08:36.300`)
* [CVE-2024-22289](CVE-2024/CVE-2024-222xx/CVE-2024-22289.json) (`2024-02-06T15:15:04.717`)
* [CVE-2024-23841](CVE-2024/CVE-2024-238xx/CVE-2024-23841.json) (`2024-02-06T15:20:17.970`)
* [CVE-2024-22292](CVE-2024/CVE-2024-222xx/CVE-2024-22292.json) (`2024-02-06T15:23:23.247`)
* [CVE-2024-22158](CVE-2024/CVE-2024-221xx/CVE-2024-22158.json) (`2024-02-06T15:25:24.303`)
* [CVE-2024-22159](CVE-2024/CVE-2024-221xx/CVE-2024-22159.json) (`2024-02-06T15:37:01.700`)
* [CVE-2024-22297](CVE-2024/CVE-2024-222xx/CVE-2024-22297.json) (`2024-02-06T15:38:07.050`)
* [CVE-2024-22150](CVE-2024/CVE-2024-221xx/CVE-2024-22150.json) (`2024-02-06T15:42:52.927`)
* [CVE-2024-22153](CVE-2024/CVE-2024-221xx/CVE-2024-22153.json) (`2024-02-06T15:43:49.957`)
* [CVE-2024-22293](CVE-2024/CVE-2024-222xx/CVE-2024-22293.json) (`2024-02-06T15:44:56.407`)
* [CVE-2024-22295](CVE-2024/CVE-2024-222xx/CVE-2024-22295.json) (`2024-02-06T15:49:30.457`)
* [CVE-2024-22146](CVE-2024/CVE-2024-221xx/CVE-2024-22146.json) (`2024-02-06T15:51:01.533`)
* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-02-06T15:52:58.037`)
* [CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-02-06T16:08:42.910`)
* [CVE-2024-22859](CVE-2024/CVE-2024-228xx/CVE-2024-22859.json) (`2024-02-06T16:29:48.453`)
* [CVE-2024-22282](CVE-2024/CVE-2024-222xx/CVE-2024-22282.json) (`2024-02-06T16:55:19.983`)
## Download and Usage