admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-19T19:00:26.573949+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-19 19:03:29 +00:00
parent f92f7f9d20
commit dde6abae4c
325 changed files with 16430 additions and 382 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2016/CVE-2016-101xx/CVE-2016-10146.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-10146",
"sourceIdentifier": "security@debian.org",
"published": "2017-03-24T15:59:00.480",
"lastModified": "2017-11-04T01:29:15.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-19T17:29:29.617",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -86,7 +86,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6EA542-A222-4E6A-869B-F3805CAFCDD0"
"versionEndExcluding": "6.9.6-8",
"matchCriteriaId": "D16E23CF-7B7A-4F5F-8A1A-7B8B334DCFA1"
}
]
}
@ -96,7 +97,11 @@
"references": [
{
"url": "http://www.debian.org/security/2017/dsa-3799",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2017/01/16/6",
@ -144,7 +149,10 @@
},
{
"url": "https://security.gentoo.org/glsa/201702-09",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
]
}
]
}

15
CVE-2016/CVE-2016-75xx/CVE-2016-7513.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-7513",
"sourceIdentifier": "security@debian.org",
"published": "2017-04-20T18:59:00.827",
"lastModified": "2017-05-09T12:40:08.853",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-19T17:29:36.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -85,8 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6BE7A5-6FF7-4916-B671-9EE11CA54F65"
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.4-0",
"matchCriteriaId": "CFC2C780-A54E-4426-9C52-46A20216339E"
}
]
}

39
CVE-2017/CVE-2017-133xx/CVE-2017-13310.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-13310",
"sourceIdentifier": "security@android.com",
"published": "2024-11-15T22:15:14.177",
"lastModified": "2024-11-18T17:11:56.587",
"lastModified": "2024-11-19T17:35:00.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En createFromParcel de ViewPager.java, existe un posible problema de serializaci\u00f3n de lectura/escritura que conduce a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios donde una aplicaci\u00f3n puede iniciar una actividad con privilegios del sistema sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-05-01",

39
CVE-2017/CVE-2017-133xx/CVE-2017-13311.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-13311",
"sourceIdentifier": "security@android.com",
"published": "2024-11-15T22:15:14.240",
"lastModified": "2024-11-18T17:11:56.587",
"lastModified": "2024-11-19T17:35:01.903",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En la funci\u00f3n read() de ProcessStats.java, existe un posible problema de serializaci\u00f3n de lectura/escritura que conduce a una omisi\u00f3n de permisos. Esto podr\u00eda provocar una escalada local de privilegios donde una aplicaci\u00f3n puede iniciar una actividad con privilegios del sistema sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-05-01",

21
CVE-2017/CVE-2017-133xx/CVE-2017-13315.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2017-13315",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T18:15:18.613",
"lastModified": "2024-11-19T18:15:18.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-05-01",
"source": "security@android.com"
}
]
}

21
CVE-2018/CVE-2018-93xx/CVE-2018-9338.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2018-9338",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T18:15:18.707",
"lastModified": "2024-11-19T18:15:18.707",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-06-01",
"source": "security@android.com"
}
]
}

54
CVE-2021/CVE-2021-37xx/CVE-2021-3741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3741",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.327",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:07:38.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -51,14 +73,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chatwoot:chatwoot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.6.0",
"matchCriteriaId": "63976EA8-9880-4802-8B08-9E2C679FF9F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Product"
]
},
{
"url": "https://huntr.com/bounties/1625474692857-chatwoot/chatwoot",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Broken Link"
]
}
]
}

52
CVE-2021/CVE-2021-37xx/CVE-2021-3742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3742",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.547",
"lastModified": "2024-11-18T15:35:00.667",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-19T17:10:48.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -73,14 +93,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chatwoot:chatwoot:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.0",
"matchCriteriaId": "DF45FE41-509A-469C-BD22-E4372D1A7310"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Product"
]
},
{
"url": "https://huntr.com/bounties/1625472546121-chatwoot/chatwoot",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Broken Link"
]
}
]
}

55
CVE-2021/CVE-2021-38xx/CVE-2021-3838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3838",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.763",
"lastModified": "2024-11-18T15:35:01.380",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-19T17:11:23.277",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -73,14 +93,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "CF3441FB-3B15-4935-8A8F-964D7DDFBCAD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

78
CVE-2021/CVE-2021-38xx/CVE-2021-3841.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3841",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:05.980",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:11:49.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -40,6 +62,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
@ -51,14 +83,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.10",
"matchCriteriaId": "E2B404E6-8985-428A-A7C4-880A4947766B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0",
"versionEndExcluding": "1.10.11",
"matchCriteriaId": "687E9BB6-A926-4A62-B44E-7A1B236D6C6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.2",
"matchCriteriaId": "D4D032BB-B314-42A5-808D-5861B909F76F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/1625506791178-Sylius/Sylius",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Broken Link"
]
}
]
}

55
CVE-2021/CVE-2021-39xx/CVE-2021-3902.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3902",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:06.190",
"lastModified": "2024-11-18T15:35:01.797",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-19T17:12:15.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -73,14 +93,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "CF3441FB-3B15-4935-8A8F-964D7DDFBCAD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/a6071c07-806f-429a-8656-a4742e4191b1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

57
CVE-2021/CVE-2021-39xx/CVE-2021-3986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3986",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-11-15T11:15:06.400",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:12:50.000",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -51,14 +73,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6.15",
"matchCriteriaId": "CB86DF8E-5F67-41CA-B657-D8E0A61CD22A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2022/CVE-2022-474xx/CVE-2022-47424.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-47424",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T18:15:19.020",
"lastModified": "2024-11-19T18:15:19.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-5-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

21
CVE-2023/CVE-2023-212xx/CVE-2023-21270.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2023-21270",
"sourceIdentifier": "security@android.com",
"published": "2024-11-19T18:15:19.253",
"lastModified": "2024-11-19T18:15:19.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
}
]
}

14
CVE-2023/CVE-2023-293xx/CVE-2023-29381.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29381",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T16:15:09.800",
"lastModified": "2023-07-12T22:58:46.303",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-19T18:35:02.840",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

63
CVE-2023/CVE-2023-356xx/CVE-2023-35659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35659",
"sourceIdentifier": "security@android.com",
"published": "2024-11-13T18:15:19.763",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T18:31:32.413",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,66 @@
"value": "En DevmemIntChangeSparse de devicemem_server.c, existe la posibilidad de que se ejecute un c\u00f3digo arbitrario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-11-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-356xx/CVE-2023-35686.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35686",
"sourceIdentifier": "security@android.com",
"published": "2024-11-13T18:15:19.860",
"lastModified": "2024-11-15T14:00:09.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T18:09:16.243",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,66 @@
"value": "En PVRSRVRGXKickTA3DKM de rgxta3d.c, existe la posibilidad de ejecuci\u00f3n de c\u00f3digo arbitrario debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-11-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-522xx/CVE-2023-52268.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52268",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-12T19:15:07.580",
"lastModified": "2024-11-13T17:01:16.850",
"lastModified": "2024-11-19T17:35:07.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El m\u00f3dulo Portal del usuario final anterior a la versi\u00f3n 1.0.65 para FreeScout a veces permite que un atacante se autentique como un usuario arbitrario porque se puede enviar un token de sesi\u00f3n al endpoint /auth. NOTA: este m\u00f3dulo no forma parte de freescout-helpdesk/freescout en GitHub."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://freescout.net/module/end-user-portal/",

106
CVE-2024/CVE-2024-00xx/CVE-2024-0012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0012",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-11-18T16:15:11.683",
"lastModified": "2024-11-19T02:00:02.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:17:29.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-11-18",
"cisaActionDue": "2024-12-09",
@ -63,9 +63,41 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -77,10 +109,78 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.2.12",
"matchCriteriaId": "7D294CCB-C898-444E-BD41-D423B96F8E23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.6",
"matchCriteriaId": "47CBEECE-EA41-4A58-8AE9-D695C76D4019"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndExcluding": "11.1.5",
"matchCriteriaId": "413284AC-F55E-4037-90D4-D63A5FFC20C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "11.2.4",
"matchCriteriaId": "7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
"matchCriteriaId": "3D33A0FB-7538-42BF-84E8-7CCD7EEF9355"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
"matchCriteriaId": "FB95D77F-1263-4D47-A0BB-94A6DA937115"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*",
"matchCriteriaId": "2B6C3AFF-3649-484C-A2FB-B71EE02FF176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*",
"matchCriteriaId": "7B2C0E11-A6CE-419D-86A0-3930DE25B544"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-0012",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-102xx/CVE-2024-10224.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-10224",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:19.773",
"lastModified": "2024-11-19T18:15:19.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529",
"source": "security@ubuntu.com"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10224",
"source": "security@ubuntu.com"
},
{
"url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt",
"source": "security@ubuntu.com"
}
]
}

53
CVE-2024/CVE-2024-103xx/CVE-2024-10311.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10311",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T10:15:03.980",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:03:19.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -51,14 +71,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmorillas1:external_database_based_actions:0.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "ABD4AC2F-E69A-46AF-B924-0DF7B53A8E6E"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/external-database-based-actions/trunk/lib/edba-admin-ajax-controller.php?rev=1785239#L8",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-105xx/CVE-2024-10575.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10575",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2024-11-13T05:15:11.233",
"lastModified": "2024-11-13T17:01:16.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:28:06.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -95,10 +115,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.21.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B416D9C9-F5FE-4837-AD8D-99A02B61F61E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.22.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "95F485CD-6B41-47EA-9F89-8BF8822893A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.22.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA248E9-160E-46B5-BE1B-DB2B79D50746"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:1.23.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FB2D5E-ACF8-4582-A3C6-E0F099A9442C"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-108xx/CVE-2024-10800.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10800",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-13T05:15:11.680",
"lastModified": "2024-11-13T17:01:16.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:08:44.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vanquish:user_extra_fields:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "51950C34-787B-4170-BD3D-E8D82995ACDB"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/user-extra-fields/12949844",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-108xx/CVE-2024-10820.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10820",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-13T04:15:04.510",
"lastModified": "2024-11-13T17:01:16.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:38:16.363",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vanquish:woocommerce_upload_files:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "84.4",
"matchCriteriaId": "AA68A2FD-A07C-4338-85E0-C3296BB8777A"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/woocommerce-upload-files/11442983",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-108xx/CVE-2024-10828.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10828",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-13T04:15:04.727",
"lastModified": "2024-11-13T17:01:16.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:41:59.290",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -51,18 +71,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:algolplus:advanced_order_export_for_woocommerce:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "3.5.6",
"matchCriteriaId": "5C510F9A-1E98-4847-AC8E-241A112E55F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:algolplus:advanced_order_export_for_woocommerce:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "3.5.6",
"matchCriteriaId": "DCCAA2F3-3B49-4AB4-9291-512D0D90E67E"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-110xx/CVE-2024-11003.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-11003",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:19.973",
"lastModified": "2024-11-19T18:15:19.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://github.com/liske/needrestart/commit/0f80a348883f72279a859ee655f58da34babefb0",
"source": "security@ubuntu.com"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10224",
"source": "security@ubuntu.com"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11003",
"source": "security@ubuntu.com"
},
{
"url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt",
"source": "security@ubuntu.com"
}
]
}

62
CVE-2024/CVE-2024-112xx/CVE-2024-11210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-11210",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-14T15:15:07.800",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T18:42:44.733",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyoucms:eyoucms:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93E4C1DE-2ECB-4B4F-A8C8-049B56D1C46C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nn0nkey/nn0nkey/blob/main/eyoucms/mlcy.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.284525",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.284525",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.437451",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

87
CVE-2024/CVE-2024-12xx/CVE-2024-1212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1212",
"sourceIdentifier": "security@progress.com",
"published": "2024-02-21T18:15:50.417",
"lastModified": "2024-11-19T02:00:02.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:24:39.480",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-11-18",
"cisaActionDue": "2024-12-09",
@ -21,6 +21,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -44,6 +64,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -55,22 +85,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.48.1",
"versionEndExcluding": "7.2.48.10",
"matchCriteriaId": "E1B68CCC-11F4-4ECF-9284-5D46ABA70846"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.54.0",
"versionEndExcluding": "7.2.54.8",
"matchCriteriaId": "9D8FAFF9-0C1A-49D3-AB63-10DC49A46881"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:loadmaster:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.55.0",
"versionEndExcluding": "7.2.59.2",
"matchCriteriaId": "6E8F83C9-8D7C-4DC2-BA3D-AB92709D364F"
}
]
}
]
}
],
"references": [
{
"url": "https://freeloadbalancer.com/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
},
{
"url": "https://kemptechnologies.com/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
},
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Release Notes"
]
}
]
}

39
CVE-2024/CVE-2024-244xx/CVE-2024-24425.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24425",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T19:15:05.927",
"lastModified": "2024-11-18T17:11:56.587",
"lastModified": "2024-11-19T17:35:09.450",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Magma v1.8.0 y OAI EPC Federation v1.20 conten\u00edan una lectura fuera de los l\u00edmites en la funci\u00f3n amf_as_establish_req en /tasks/amf/amf_as.cpp. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un paquete NAS manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cellularsecurity.org/ransacked",

39
CVE-2024/CVE-2024-244xx/CVE-2024-24446.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24446",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T19:15:06.220",
"lastModified": "2024-11-18T17:11:56.587",
"lastModified": "2024-11-19T17:35:10.263",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una desreferencia de puntero no inicializado en OpenAirInterface CN5G AMF hasta v2.0.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un mensaje InitialContextSetupResponse creado a medida enviado a AMF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cellularsecurity.org/ransacked",

39
CVE-2024/CVE-2024-252xx/CVE-2024-25253.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25253",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T23:15:05.393",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-19T17:35:11.063",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Driver Booster v10.6 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro Host en el m\u00f3dulo Personalizar proxy."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://exploitart.ist/exploit/2023/09/10/driver-booster-buffer-overflow.html",

39
CVE-2024/CVE-2024-252xx/CVE-2024-25255.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25255",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T23:15:05.523",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-19T17:35:13.503",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Sublime Text 4 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del m\u00f3dulo New Build System."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://exploitart.ist/exploit/2023/09/17/sublime-text-os-command-injection.html",

20
CVE-2024/CVE-2024-369xx/CVE-2024-36905.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36905",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-30T16:15:14.030",
"lastModified": "2024-11-05T10:17:11.673",
"lastModified": "2024-11-19T18:35:04.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,20 +22,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

4
CVE-2024/CVE-2024-370xx/CVE-2024-37094.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-37094",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T14:15:05.980",
"lastModified": "2024-11-01T20:25:15.673",
"lastModified": "2024-11-19T18:15:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Access Control vulnerability in StylemixThemes MasterStudy LMS allows .\n\nThis issue affects MasterStudy LMS: from n/a through 3.2.12."
"value": "Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through 3.2.12."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-372xx/CVE-2024-37204.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-37204",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:20.223",
"lastModified": "2024-11-01T20:24:53.730",
"lastModified": "2024-11-19T18:15:20.457",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9."
"value": "Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9."
},
{
"lang": "es",

59
CVE-2024/CVE-2024-423xx/CVE-2024-42383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42383",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:06.667",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:55:22.020",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42383",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-423xx/CVE-2024-42384.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42384",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:06.943",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:54:50.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42384",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42385.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42385",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:07.187",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:54:31.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42385",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42386",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:07.427",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:52:44.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42386",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42387.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42387",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:07.647",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:51:41.980",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42387",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42388",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:07.873",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:51:24.567",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42388",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42389.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42389",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:08.090",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:51:10.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42389",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42390",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:08.307",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:50:51.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42390",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42391.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42391",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:08.540",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:50:36.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42391",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-423xx/CVE-2024-42392.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42392",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-11-18T10:15:08.753",
"lastModified": "2024-11-18T17:11:17.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-19T17:55:51.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.14",
"matchCriteriaId": "F73D607F-2879-4E92-BD95-E3ADBA7EFB25"
}
]
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392",
"source": "prodsec@nozominetworks.com"
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-424xx/CVE-2024-42450.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-42450",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-11-19T18:15:20.560",
"lastModified": "2024-11-19T18:15:20.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. \n\nExploitation Status:\nVersa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.\n\nWorkarounds or Mitigation:\nStarting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports \n\nThis vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. \n\nPlease contact Versa Technical Support or Versa account team for any further assistance.\n\nSoftware Download Links:\n22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3",
"source": "support@hackerone.com"
}
]
}

16
CVE-2024/CVE-2024-432xx/CVE-2024-43211.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-43211",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:41.470",
"lastModified": "2024-11-01T20:24:53.730",
"lastModified": "2024-11-19T18:15:20.787",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.8."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9."
},
{
"lang": "es",
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailchimp-subscribe-sm/wordpress-mailchimp-subscribe-form-plugin-4-0-9-8-multiple-vulnerabilities-vulnerability?_s_id=cve",

6
CVE-2024/CVE-2024-433xx/CVE-2024-43323.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-43323",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:47.367",
"lastModified": "2024-11-13T01:25:20.223",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-19T18:15:20.917",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in ReviewX allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviewX: from n/a through 1.6.28."
"value": "Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28."
},
{
"lang": "es",

56
CVE-2024/CVE-2024-433xx/CVE-2024-43338.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43338",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:09.013",
"lastModified": "2024-11-19T17:15:09.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard \u2013 Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard \u2013 Polls, Surveys & more: from n/a through 3.1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

25
CVE-2024/CVE-2024-480xx/CVE-2024-48069.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48069",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-19T18:15:21.257",
"lastModified": "2024-11-19T18:15:21.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-480xx/CVE-2024-48070.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48070",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-19T18:15:21.353",
"lastModified": "2024-11-19T18:15:21.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weaver Ecology v9* was discovered to contain a SQL injection vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/CoinIsMoney/ec863c35dfd05c7deea2afea11bf2446",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/stuven1989/TemporaryGuild/blob/main/files/exp2-eng.pdf",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-480xx/CVE-2024-48071.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48071",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-19T17:15:09.267",
"lastModified": "2024-11-19T17:15:09.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the component /importmould/deletefolder of Weaver Ecology v9.* allows authenticated attackers to execute a directory traversal and arbitrarily delete files."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/CoinIsMoney/d437f267f2d65cb80dd7da97cb2068e8",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/stuven1989/TemporaryGuild/blob/main/files/exp-eng-3.pdf",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-480xx/CVE-2024-48072.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-19T18:15:21.437",
"lastModified": "2024-11-19T18:15:21.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expression=%3d&fieldValue=1."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/CoinIsMoney/8ca1f2bf2e0399724c698327f2da8579",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/stuven1989/TemporaryGuild/blob/main/files/exp-eng4.pdf",
"source": "cve@mitre.org"
}
]
}

52
CVE-2024/CVE-2024-489xx/CVE-2024-48990.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-48990",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:21.530",
"lastModified": "2024-11-19T18:15:21.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab",
"source": "security@ubuntu.com"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48990",
"source": "security@ubuntu.com"
},
{
"url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt",
"source": "security@ubuntu.com"
}
]
}

52
CVE-2024/CVE-2024-489xx/CVE-2024-48991.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-48991",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:21.710",
"lastModified": "2024-11-19T18:15:21.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59",
"source": "security@ubuntu.com"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48991",
"source": "security@ubuntu.com"
},
{
"url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt",
"source": "security@ubuntu.com"
}
]
}

52
CVE-2024/CVE-2024-489xx/CVE-2024-48992.json Normal file
View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-48992",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-19T18:15:21.897",
"lastModified": "2024-11-19T18:15:21.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f",
"source": "security@ubuntu.com"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48992",
"source": "security@ubuntu.com"
},
{
"url": "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt",
"source": "security@ubuntu.com"
}
]
}

6
CVE-2024/CVE-2024-492xx/CVE-2024-49256.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-49256",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:56.650",
"lastModified": "2024-11-05T21:38:12.627",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-19T18:15:22.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Htaccess File Editor: from n/a through 1.0.18."
"value": "Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18."
},
{
"lang": "es",

56
CVE-2024/CVE-2024-496xx/CVE-2024-49680.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49680",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:09.380",
"lastModified": "2024-11-19T17:15:09.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpvr/wordpress-wpvr-plugin-8-5-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49689.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49689",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:09.633",
"lastModified": "2024-11-19T17:15:09.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Harmonic Design HD Quiz \u2013 Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz \u2013 Save Results Light: from n/a through 0.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hd-quiz-save-results-light/wordpress-hd-quiz-save-results-light-plugin-0-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49697.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49697",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:09.870",
"lastModified": "2024-11-19T17:15:09.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

25
CVE-2024/CVE-2024-503xx/CVE-2024-50303.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50303",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-19T18:15:22.263",
"lastModified": "2024-11-19T18:15:22.263",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nresource,kexec: walk_system_ram_res_rev must retain resource flags\n\nwalk_system_ram_res_rev() erroneously discards resource flags when passing\nthe information to the callback.\n\nThis causes systems with IORESOURCE_SYSRAM_DRIVER_MANAGED memory to have\nthese resources selected during kexec to store kexec buffers if that\nmemory happens to be at placed above normal system ram.\n\nThis leads to undefined behavior after reboot. If the kexec buffer is\nnever touched, nothing happens. If the kexec buffer is touched, it could\nlead to a crash (like below) or undefined behavior.\n\nTested on a system with CXL memory expanders with driver managed memory,\nTPM enabled, and CONFIG_IMA_KEXEC=y. Adding printk's showed the flags\nwere being discarded and as a result the check for\nIORESOURCE_SYSRAM_DRIVER_MANAGED passes.\n\nfind_next_iomem_res: name(System RAM (kmem))\n\t\t start(10000000000)\n\t\t end(1034fffffff)\n\t\t flags(83000200)\n\nlocate_mem_hole_top_down: start(10000000000) end(1034fffffff) flags(0)\n\n[.] BUG: unable to handle page fault for address: ffff89834ffff000\n[.] #PF: supervisor read access in kernel mode\n[.] #PF: error_code(0x0000) - not-present page\n[.] PGD c04c8bf067 P4D c04c8bf067 PUD c04c8be067 PMD 0\n[.] Oops: 0000 [#1] SMP\n[.] RIP: 0010:ima_restore_measurement_list+0x95/0x4b0\n[.] RSP: 0018:ffffc900000d3a80 EFLAGS: 00010286\n[.] RAX: 0000000000001000 RBX: 0000000000000000 RCX: ffff89834ffff000\n[.] RDX: 0000000000000018 RSI: ffff89834ffff000 RDI: ffff89834ffff018\n[.] RBP: ffffc900000d3ba0 R08: 0000000000000020 R09: ffff888132b8a900\n[.] R10: 4000000000000000 R11: 000000003a616d69 R12: 0000000000000000\n[.] R13: ffffffff8404ac28 R14: 0000000000000000 R15: ffff89834ffff000\n[.] FS: 0000000000000000(0000) GS:ffff893d44640000(0000) knlGS:0000000000000000\n[.] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[.] ata5: SATA link down (SStatus 0 SControl 300)\n[.] CR2: ffff89834ffff000 CR3: 000001034d00f001 CR4: 0000000000770ef0\n[.] PKRU: 55555554\n[.] Call Trace:\n[.] <TASK>\n[.] ? __die+0x78/0xc0\n[.] ? page_fault_oops+0x2a8/0x3a0\n[.] ? exc_page_fault+0x84/0x130\n[.] ? asm_exc_page_fault+0x22/0x30\n[.] ? ima_restore_measurement_list+0x95/0x4b0\n[.] ? template_desc_init_fields+0x317/0x410\n[.] ? crypto_alloc_tfm_node+0x9c/0xc0\n[.] ? init_ima_lsm+0x30/0x30\n[.] ima_load_kexec_buffer+0x72/0xa0\n[.] ima_init+0x44/0xa0\n[.] __initstub__kmod_ima__373_1201_init_ima7+0x1e/0xb0\n[.] ? init_ima_lsm+0x30/0x30\n[.] do_one_initcall+0xad/0x200\n[.] ? idr_alloc_cyclic+0xaa/0x110\n[.] ? new_slab+0x12c/0x420\n[.] ? new_slab+0x12c/0x420\n[.] ? number+0x12a/0x430\n[.] ? sysvec_apic_timer_interrupt+0xa/0x80\n[.] ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n[.] ? parse_args+0xd4/0x380\n[.] ? parse_args+0x14b/0x380\n[.] kernel_init_freeable+0x1c1/0x2b0\n[.] ? rest_init+0xb0/0xb0\n[.] kernel_init+0x16/0x1a0\n[.] ret_from_fork+0x2f/0x40\n[.] ? rest_init+0xb0/0xb0\n[.] ret_from_fork_asm+0x11/0x20\n[.] </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b125a0def25a082ae944c9615208bf359abdb61c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc9031b7919bd346514ea9a720f433b8daf3970d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-503xx/CVE-2024-50304.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50304",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-19T18:15:22.343",
"lastModified": "2024-11-19T18:15:22.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n <TASK>\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f20fe2cfe06ca1b008b09da4f2b4e0c5547ccef6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

56
CVE-2024/CVE-2024-504xx/CVE-2024-50417.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50417",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:10.087",
"lastModified": "2024-11-19T17:15:10.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-5-1-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50513.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50513",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:10.313",
"lastModified": "2024-11-19T17:15:10.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-post/wordpress-post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-plugin-4-1-15-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50514.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50514",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:10.553",
"lastModified": "2024-11-19T17:15:10.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-the-contact-form-builder-that-grows-with-you-plugin-3-8-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50515.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50515",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:10.777",
"lastModified": "2024-11-19T17:15:10.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-the-contact-form-builder-that-grows-with-you-plugin-3-8-16-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50516.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50516",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:11.000",
"lastModified": "2024-11-19T17:15:11.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50517.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:11.223",
"lastModified": "2024-11-19T17:15:11.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SlovenskoIT a.s. ID-SK Toolkit allows Stored XSS.This issue affects ID-SK Toolkit: from n/a through 1.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/idsk-toolkit/wordpress-id-sk-toolkit-plugin-1-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50518.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50518",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:11.450",
"lastModified": "2024-11-19T17:15:11.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Pricer Ninja allows Stored XSS.This issue affects Pricer Ninja: from n/a through 2.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pricer-ninja-pricing-tables/wordpress-pricer-ninja-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50519.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50519",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:11.693",
"lastModified": "2024-11-19T17:15:11.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visser Labs Jigoshop \u2013 Store Exporter allows Reflected XSS.This issue affects Jigoshop \u2013 Store Exporter: from n/a through 1.5.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jigoshop-exporter/wordpress-jigoshop-store-exporter-plugin-1-5-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50520.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50520",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:11.913",
"lastModified": "2024-11-19T17:15:11.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter J. Herrel Ancient World Linked Data allows DOM-Based XSS.This issue affects Ancient World Linked Data: from n/a through 0.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ancient-world-linked-data-for-wordpress/wordpress-ancient-world-linked-data-plugin-0-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50521.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50521",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:12.130",
"lastModified": "2024-11-19T17:15:12.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Alley Elementor Widget allows DOM-Based XSS.This issue affects Alley Elementor Widget: from n/a through 1.0.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/alley-elementor-widget/wordpress-alley-elementor-widget-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50522.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50522",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:12.347",
"lastModified": "2024-11-19T17:15:12.347",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Redy Ru WeChat Subscribers Lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through 1.6.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wechat-subscribers-lite/wordpress-wechat-subscribers-lite-plugin-1-6-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50532.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50532",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:12.587",
"lastModified": "2024-11-19T17:15:12.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jerin K Alexander Events Manager Pro \u2013 extended allows Reflected XSS.This issue affects Events Manager Pro \u2013 extended: from n/a through 0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/events-manager-pro-extended/wordpress-events-manager-pro-extended-plugin-0-1-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50533.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50533",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:12.820",
"lastModified": "2024-11-19T17:15:12.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding allows Stored XSS.This issue affects Domain Sharding: from n/a through 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/domain-sharding/wordpress-domain-sharding-plugin-1-2-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50534.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50534",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:13.033",
"lastModified": "2024-11-19T17:15:13.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Syed Umair Hussain Shah World Prayer Time allows Stored XSS.This issue affects World Prayer Time: from n/a through 2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/world-prayer-time/wordpress-world-prayer-time-plugin-2-0-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50535.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50535",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:13.253",
"lastModified": "2024-11-19T17:15:13.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle M. Brown Step by Step allows Stored XSS.This issue affects Step by Step: from n/a through 0.4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/step-by-step/wordpress-step-by-step-plugin-0-4-5-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50536.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50536",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:13.473",
"lastModified": "2024-11-19T17:15:13.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Intuitive Design GDReseller allows DOM-Based XSS.This issue affects GDReseller: from n/a through 1.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gdreseller/wordpress-gdreseller-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50537.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50537",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:13.687",
"lastModified": "2024-11-19T17:15:13.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Marra Smart Mockups allows Stored XSS.This issue affects Smart Mockups: from n/a through 1.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smart-mockups/wordpress-smart-mockups-plugin-1-2-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50538.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50538",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:13.893",
"lastModified": "2024-11-19T17:15:13.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irfan Ardiansah Show Visitor IP Address allows Stored XSS.This issue affects Show Visitor IP Address: from n/a through 0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/show-visitor-ip-address/wordpress-show-visitor-ip-address-plugin-0-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50540.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50540",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:14.140",
"lastModified": "2024-11-19T17:15:14.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DemixPress (dp) AddThis allows Stored XSS.This issue affects (dp) AddThis: from n/a through 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dp-addthis/wordpress-dp-addthis-plugin-1-0-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50541.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50541",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:14.367",
"lastModified": "2024-11-19T17:15:14.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-control-manager/wordpress-advanced-control-manager-plugin-2-16-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50542.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50542",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:14.623",
"lastModified": "2024-11-19T17:15:14.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zach Silberstein RLM Elementor Widgets Pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rlm-elementor-widgets-pack/wordpress-rlm-elementor-widgets-pack-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50543.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50543",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:14.850",
"lastModified": "2024-11-19T17:15:14.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amazing Team amazing neo icon font for elementor allows DOM-Based XSS.This issue affects amazing neo icon font for elementor: from n/a through 2.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/amazing-neo-icon-font-for-elementor/wordpress-amazing-neo-icon-font-for-elementor-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50545.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50545",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:15.077",
"lastModified": "2024-11-19T17:15:15.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auburnforest DataMentor allows DOM-Based XSS.This issue affects DataMentor: from n/a through 1.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/datamentor/wordpress-datamentor-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50546.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50546",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:15.293",
"lastModified": "2024-11-19T17:15:15.293",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Print Reach, Inc. MyOrderDesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a through 3.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/myorderdesk/wordpress-myorderdesk-plugin-3-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50547.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50547",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:15.530",
"lastModified": "2024-11-19T17:15:15.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themedy Themedy Toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through 1.0.16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/themedy-toolbox/wordpress-themedy-toolbox-plugin-1-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50548.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50548",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:15.757",
"lastModified": "2024-11-19T17:15:15.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abdullah Nahian Awesome Progress Bar allows DOM-Based XSS.This issue affects Awesome Progress Bar: from n/a through 1.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/awesome-progess-bar/wordpress-awesome-progress-bar-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50549.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50549",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:16.007",
"lastModified": "2024-11-19T17:15:16.007",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bonway Services Bonway Static Block Editor allows DOM-Based XSS.This issue affects Bonway Static Block Editor: from n/a through 1.1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bonway-static-block-editor/wordpress-bonway-static-block-editor-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50551.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50551",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:16.270",
"lastModified": "2024-11-19T17:15:16.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia EndomondoWP allows Stored XSS.This issue affects EndomondoWP: from n/a through 0.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/endomondowp/wordpress-endomondowp-plugin-0-1-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50552.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50552",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:16.530",
"lastModified": "2024-11-19T17:15:16.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Pancake Hover Video Preview allows Stored XSS.This issue affects Hover Video Preview: from n/a through 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hover-video-preview/wordpress-hover-video-preview-plugin-1-0-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50553.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50553",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:16.760",
"lastModified": "2024-11-19T17:15:16.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through 1.2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/classy-addons-for-elementor/wordpress-classy-addons-for-elementor-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50554.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50554",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:16.990",
"lastModified": "2024-11-19T17:15:16.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sided Sided allows DOM-Based XSS.This issue affects Sided: from n/a through 1.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sided/wordpress-sided-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-505xx/CVE-2024-50556.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50556",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:17.197",
"lastModified": "2024-11-19T17:15:17.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MD. Mamunur Roshid WM Zoom allows DOM-Based XSS.This issue affects WM Zoom: from n/a through 1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wm-zoom/wordpress-wm-zoom-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

39
CVE-2024/CVE-2024-510xx/CVE-2024-51094.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51094",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-12T21:15:14.113",
"lastModified": "2024-11-13T23:15:04.207",
"lastModified": "2024-11-19T17:35:14.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Snipe-IT v.7.0.13 build 15514 permite a un atacante remoto escalar privilegios a trav\u00e9s del archivo /cuenta/perfil del valor del campo \"Nombre\" del componente en \"Editar su perfil\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://gist.githubusercontent.com/Tommywarren/b3a6c6ae5a93dd67c863313f71f53a76/raw/ddff8cbbab5179f680ba3f5e94fc080575ad8913/CVE-2024-51094",

56
CVE-2024/CVE-2024-516xx/CVE-2024-51617.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51617",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:17.473",
"lastModified": "2024-11-19T17:15:17.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Clyp allows Stored XSS.This issue affects Clyp: from n/a through 1.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/clyp/wordpress-clyp-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-516xx/CVE-2024-51631.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51631",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:17.720",
"lastModified": "2024-11-19T17:15:17.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Eftakhairul Islam Sticky Social Bar allows Cross Site Request Forgery.This issue affects Sticky Social Bar: from n/a through 2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sticky-social-bar/wordpress-sticky-social-bar-plugin-2-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-516xx/CVE-2024-51632.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51632",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:17.947",
"lastModified": "2024-11-19T17:15:17.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through 4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sh-slideshow/wordpress-sh-slideshow-plugin-4-3-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-516xx/CVE-2024-51633.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51633",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:18.163",
"lastModified": "2024-11-19T17:15:18.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in IvyCat Web Services Simple Page Specific Sidebars allows Stored XSS.This issue affects Simple Page Specific Sidebars: from n/a through 2.14.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/page-specific-sidebars/wordpress-simple-page-specific-sidebars-plugin-2-14-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-516xx/CVE-2024-51634.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51634",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-19T17:15:18.397",
"lastModified": "2024-11-19T17:15:18.397",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through 0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/webriti-custom-login-page/wordpress-webriti-custom-login-plugin-0-3-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More