admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-15T16:00:29.420769+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-15 16:03:31 +00:00
parent 5ab0c2e030
commit e97345807d
83 changed files with 3549 additions and 758 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-2007/CVE-2007-37xx/CVE-2007-3798.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2007-3798",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-07-16T22:30:00.000",
"lastModified": "2024-01-12T22:06:03.783",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T15:35:02.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -43,6 +43,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -81,6 +101,16 @@
"value": "CWE-252"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"configurations": [

34
CVE-2008/CVE-2008-10xx/CVE-2008-1083.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2008-1083",
"sourceIdentifier": "secure@microsoft.com",
"published": "2008-04-08T23:05:00.000",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-15T15:35:03.827",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-119"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [

34
CVE-2008/CVE-2008-40xx/CVE-2008-4036.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2008-4036",
"sourceIdentifier": "secure@microsoft.com",
"published": "2008-10-15T00:12:16.007",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-15T15:35:05.370",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-189"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [

34
CVE-2008/CVE-2008-48xx/CVE-2008-4835.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2008-4835",
"sourceIdentifier": "secure@microsoft.com",
"published": "2009-01-14T22:30:00.780",
"lastModified": "2023-12-07T18:38:56.693",
"lastModified": "2024-10-15T15:35:06.767",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

36
CVE-2008/CVE-2008-51xx/CVE-2008-5180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2008-5180",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-11-20T15:30:00.390",
"lastModified": "2024-02-02T03:07:25.887",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T15:35:07.977",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-770"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [

32
CVE-2020/CVE-2020-188xx/CVE-2020-18899.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-18899",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-19T22:15:07.333",
"lastModified": "2023-12-22T10:15:08.330",
"lastModified": "2024-10-15T15:35:09.107",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-770"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-09xx/CVE-2023-0930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0930",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.177",
"lastModified": "2023-10-20T20:31:01.733",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T15:35:10.230",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-09xx/CVE-2023-0931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0931",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.230",
"lastModified": "2023-10-20T20:31:06.507",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T15:35:11.250",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-12xx/CVE-2023-1216.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1216",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-07T22:15:09.453",
"lastModified": "2023-03-11T02:40:02.227",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T15:35:12.380",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

42
CVE-2023/CVE-2023-226xx/CVE-2023-22644.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-22644",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-09-20T09:15:12.837",
"lastModified": "2024-10-15T12:15:02.520",
"lastModified": "2024-10-15T14:15:04.580",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user\u2019s tokens still usable."
"value": "A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE."
},
{
"lang": "es",
@ -22,7 +22,7 @@
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
@ -31,9 +31,9 @@
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
@ -55,8 +55,8 @@
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
}
],
@ -80,26 +80,6 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "meissner@suse.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -110,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-1270"
}
]
}
@ -143,11 +123,11 @@
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188",
"source": "meissner@suse.de"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc",
"url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x",
"source": "meissner@suse.de"
}
]

25
CVE-2023/CVE-2023-314xx/CVE-2023-31493.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-31493",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T15:15:12.393",
"lastModified": "2024-10-15T15:15:12.393",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system."
}
],
"metrics": {},
"references": [
{
"url": "http://zoneminder.com",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370",
"source": "cve@mitre.org"
}
]
}

27
CVE-2023/CVE-2023-480xx/CVE-2023-48082.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48082",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T19:15:10.780",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:14.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se descubri\u00f3 que Nagios XI anterior a 5.11.3 2024R1 manejaba incorrectamente la generaci\u00f3n de claves API (generadas aleatoriamente), lo que permit\u00eda a los atacantes generar posiblemente el mismo conjunto de claves API para todos los usuarios y utilizarlas para autenticarse."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.nagios.com/change-log/",

56
CVE-2024/CVE-2024-256xx/CVE-2024-25691.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25691",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:05.840",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:35:02.133",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
@ -51,10 +71,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE382B5-E228-4803-A3FC-B803C7838777"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCD5CA4-4423-4AC2-A9B8-3FCACC4E43ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DAF61C-E776-4E31-8E39-92636B459A3E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-257xx/CVE-2024-25707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25707",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.790",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:34:43.597",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
@ -51,10 +71,48 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.1",
"matchCriteriaId": "078945E5-0E7F-4FC3-BA84-F2D9E215AE8F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-355xx/CVE-2024-35520.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T22:15:03.727",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:14.693",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154",

56
CVE-2024/CVE-2024-380xx/CVE-2024-38036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38036",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:06.973",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:34:51.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
@ -51,10 +71,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81C43246-F8AC-4A3D-8F43-8280E1AD3007"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE382B5-E228-4803-A3FC-B803C7838777"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCD5CA4-4423-4AC2-A9B8-3FCACC4E43ED"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-380xx/CVE-2024-38037.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38037",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.207",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:34:22.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
@ -51,10 +71,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCD5CA4-4423-4AC2-A9B8-3FCACC4E43ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A62FCB5-12A6-487C-BCA9-0AD3F11354CD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-380xx/CVE-2024-38038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38038",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.413",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:33:46.730",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
@ -51,10 +71,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81C43246-F8AC-4A3D-8F43-8280E1AD3007"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE382B5-E228-4803-A3FC-B803C7838777"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCD5CA4-4423-4AC2-A9B8-3FCACC4E43ED"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-380xx/CVE-2024-38039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38039",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-10-04T18:15:07.633",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:34:00.893",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@esri.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.0",
"matchCriteriaId": "6BE67D5A-F389-4819-BEF6-F17CE6114D54"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
}
]
}

90
CVE-2024/CVE-2024-393xx/CVE-2024-39324.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39324",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-02T21:15:11.213",
"lastModified": "2024-07-03T12:53:24.977",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:09:13.847",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -55,26 +85,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:ai-admin-graphql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.04.1",
"versionEndExcluding": "2022.10.10",
"matchCriteriaId": "CCCBEC57-5E51-404A-A93E-F04C20753EE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:ai-admin-graphql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.04.1",
"versionEndExcluding": "2023.10.6",
"matchCriteriaId": "342DA783-3693-4F4A-9338-A419FB2BD435"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:ai-admin-graphql:2024.04.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1942C6DA-0B87-45DD-BDEE-1C68C33BCC1A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aimeos/ai-admin-graphql/commit/4eabc2b973509ffa5924e7f88c8f87ee96e93b38",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-admin-graphql/commit/687059d7eb2e1d55a09ed72dad3814f35edad038",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-admin-graphql/commit/a839a5adf16fee4221d444b7d2f5140d8cabf0ac",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-admin-graphql/commit/acbb044620f4ff8e8d78a775cd205ec47cf119b3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-jj68-cp4v-98qf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

108
CVE-2024/CVE-2024-393xx/CVE-2024-39325.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39325",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-02T21:15:11.433",
"lastModified": "2024-07-03T12:53:24.977",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:14:13.083",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,30 +81,92 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020.10.15",
"matchCriteriaId": "05061318-1635-43D5-A3AC-D50C5DBF09B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2021.04.1",
"versionEndExcluding": "2021.10.8",
"matchCriteriaId": "E56BF038-B298-4A8C-9A06-188F422058A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.04.1",
"versionEndExcluding": "2022.10.8",
"matchCriteriaId": "85A13E16-25D0-4845-88B6-4C19AF1AC33D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.04.1",
"versionEndExcluding": "2023.10.9",
"matchCriteriaId": "F2D983DE-A57B-46AD-911E-44253A9A0373"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aimeos:aimeos_frontend_controller:2024.04.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9707F760-DC26-4879-8BB0-EA49A1E415B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-437xx/CVE-2024-43700.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43700",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-08-29T11:15:26.757",
"lastModified": "2024-09-06T22:52:41.727",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T14:35:01.987",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-120"
}
]
}

27
CVE-2024/CVE-2024-437xx/CVE-2024-43701.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43701",
"sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"published": "2024-10-14T09:15:04.157",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:16.050",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El software instalado y ejecutado como un usuario sin privilegios puede realizar llamadas al sistema de GPU para leer y escribir la memoria f\u00edsica liberada de la GPU."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce",

14
CVE-2024/CVE-2024-440xx/CVE-2024-44095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44095",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.720",
"lastModified": "2024-09-18T13:34:31.617",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T14:35:04.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,16 +69,6 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-783"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-440xx/CVE-2024-44096.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44096",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.777",
"lastModified": "2024-09-18T13:33:37.863",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T14:35:04.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,16 +69,6 @@
"value": "CWE-1188"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-453"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-452xx/CVE-2024-45271.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45271",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-10-15T11:15:11.420",
"lastModified": "2024-10-15T12:57:46.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-15T14:35:04.643",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "CWE-20"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [

12
CVE-2024/CVE-2024-455xx/CVE-2024-45519.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45519",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-02T22:15:02.770",
"lastModified": "2024-10-11T21:36:33.567",
"vulnStatus": "Modified",
"lastModified": "2024-10-15T14:32:13.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-10-03",
"cisaActionDue": "2024-10-24",
@ -499,6 +499,11 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6198F75A-353D-4079-91DE-A7CC22DFE8B0"
}
]
}
@ -510,8 +515,7 @@
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
"Release Notes"
]
},
{

6
CVE-2024/CVE-2024-460xx/CVE-2024-46045.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46045",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T14:15:14.103",
"lastModified": "2024-09-20T00:34:27.807",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T14:35:06.040",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-120"
}
]
}

68
CVE-2024/CVE-2024-463xx/CVE-2024-46307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-46307",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-09T17:15:19.813",
"lastModified": "2024-10-11T21:36:36.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:57:38.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,18 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sparkshop:sparkshop:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.6",
"matchCriteriaId": "4BCA6086-EF6E-405E-9896-35DBCD3491C0"
}
]
}
]
}
],
"references": [
{
"url": "http://sparkshop.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://gitee.com/sparkshop/sparkshop",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-46307",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-465xx/CVE-2024-46528.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-46528",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T18:15:03.847",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:16.373",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Una vulnerabilidad de referencia directa de objetos insegura (IDOR) en KubeSphere v3.4.1 y v4.1.1 permite a atacantes autenticados con pocos privilegios acceder a recursos confidenciales sin las verificaciones de autorizaci\u00f3n adecuadas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://kubesphere.com",

90
CVE-2024/CVE-2024-470xx/CVE-2024-47080.json Normal file
View File

@ -0,0 +1,90 @@
{
"id": "CVE-2024-47080",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-15T15:15:12.653",
"lastModified": "2024-10-15T15:15:12.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061) and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these \"shared\" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061",
"source": "security-advisories@github.com"
}
]
}

82
CVE-2024/CVE-2024-477xx/CVE-2024-47771.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-47771",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-15T15:15:12.800",
"lastModified": "2024-10-15T15:15:12.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017760e2323fdf4b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9-gxj6",
"source": "security-advisories@github.com"
}
]
}

27
CVE-2024/CVE-2024-479xx/CVE-2024-47944.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47944",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-10-15T09:15:03.580",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T14:35:07.440",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El dispositivo ejecuta directamente los archivos de actualizaci\u00f3n de firmware .patch en una memoria USB sin ninguna autenticaci\u00f3n previa en la interfaz de administraci\u00f3n. Esto da lugar a una ejecuci\u00f3n de c\u00f3digo no autenticado a trav\u00e9s de la funci\u00f3n de actualizaci\u00f3n de firmware."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",

39
CVE-2024/CVE-2024-482xx/CVE-2024-48278.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48278",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T13:15:11.000",
"lastModified": "2024-10-15T13:15:11.000",
"lastModified": "2024-10-15T15:35:17.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/CSRF%20-%20Profile.md",

39
CVE-2024/CVE-2024-482xx/CVE-2024-48282.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48282",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T13:15:11.227",
"lastModified": "2024-10-15T13:15:11.227",
"lastModified": "2024-10-15T15:35:18.263",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/SQL%20Injection%20-%20Forget%20Password.md",

27
CVE-2024/CVE-2024-487xx/CVE-2024-48789.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48789",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T18:15:05.230",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:19.560",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema en INATRONIC com.inatronic.drivedeck.home 2.6.23 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del proceso de actualizaci\u00f3n del firmware."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://drivedeck.de/",

27
CVE-2024/CVE-2024-487xx/CVE-2024-48791.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48791",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T18:15:05.420",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:19.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema en Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del proceso de actualizaci\u00f3n del firmware"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://www.starvedia.com/",

39
CVE-2024/CVE-2024-487xx/CVE-2024-48792.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48792",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T18:15:05.520",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:20.183",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Hideez com.hideez 2.7.8.3 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del proceso de actualizaci\u00f3n del firmware."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.hideez/com.hideez.md",

27
CVE-2024/CVE-2024-487xx/CVE-2024-48797.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48797",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T17:15:13.690",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:21.060",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema en PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del proceso de actualizaci\u00f3n de firmware."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://www.pcsengineering.net/",

27
CVE-2024/CVE-2024-487xx/CVE-2024-48799.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48799",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T17:15:13.857",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:21.350",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema en LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del proceso de actualizaci\u00f3n del firmware."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.lorexcorp.lorexping/com.lorexcorp.lorexping.md",

27
CVE-2024/CVE-2024-488xx/CVE-2024-48821.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48821",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T21:15:11.710",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:21.620",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La vulnerabilidad de Cross Site Scripting en Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 permite a un atacante remoto escalar privilegios a trav\u00e9s del componente FtpConfig.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",

27
CVE-2024/CVE-2024-488xx/CVE-2024-48822.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48822",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T21:15:11.813",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:21.887",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La escalada de privilegios en Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 permite a un atacante remoto escalar privilegios a trav\u00e9s de la p\u00e1gina FtpConfig.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",

27
CVE-2024/CVE-2024-488xx/CVE-2024-48823.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48823",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T21:15:11.903",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:22.140",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La inclusi\u00f3n de archivos locales en Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 permite a un atacante remoto escalar privilegios a trav\u00e9s de la p\u00e1gina PassageAutoServer.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",

27
CVE-2024/CVE-2024-488xx/CVE-2024-48824.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48824",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T21:15:11.997",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:35:22.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema en Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros Racine y FileName en el componente download-file.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",

25
CVE-2024/CVE-2024-489xx/CVE-2024-48948.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48948",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T14:15:05.280",
"lastModified": "2024-10-15T14:15:05.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/indutny/elliptic/issues/321",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/indutny/elliptic/pull/322",
"source": "cve@mitre.org"
}
]
}

69
CVE-2024/CVE-2024-489xx/CVE-2024-48949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48949",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-10T01:15:11.127",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:07:04.057",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,74 @@
"value": "La funci\u00f3n de verificaci\u00f3n en lib/elliptic/eddsa/index.js en el paquete Elliptic anterior a 6.5.6 para Node.js omite la validaci\u00f3n \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:indutny:elliptic:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "6.5.6",
"matchCriteriaId": "C0C41343-E02F-4FD7-A270-FDB27E36AC85"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

14
CVE-2024/CVE-2024-67xx/CVE-2024-6773.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6773",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T22:15:06.893",
"lastModified": "2024-08-06T19:35:11.320",
"lastModified": "2024-10-15T14:35:07.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,18 +39,6 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-358"
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html",

47
CVE-2024/CVE-2024-72xx/CVE-2024-7292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7292",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:15.970",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:50:16.800",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.24.806",
"matchCriteriaId": "5A2615F0-A10B-4591-917D-9BC1DD36B324"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/report-server/knowledge-base/improper-restriction-of-excessive-login-attempts-cve-2024-7292",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-72xx/CVE-2024-7293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7293",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:16.200",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:51:15.487",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.24.806",
"matchCriteriaId": "E1C84A6C-E72B-4C93-A3C8-E071ADF388AE"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/report-server/knowledge-base/weak-password-requirement-cve-2024-7293",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-72xx/CVE-2024-7294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7294",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:16.463",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:51:43.663",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security@progress.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.24.806",
"matchCriteriaId": "E1C84A6C-E72B-4C93-A3C8-E071ADF388AE"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/report-server/knowledge-base/uncontrolled-resource-consumption-cve-2024-7294",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-75xx/CVE-2024-7534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7534",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-08-06T21:16:04.050",
"lastModified": "2024-08-12T18:31:50.127",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T14:35:08.213",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -86,7 +86,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-120"
}
]
}

47
CVE-2024/CVE-2024-78xx/CVE-2024-7840.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7840",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:16.687",
"lastModified": "2024-10-10T15:15:15.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:52:57.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*",
"versionEndIncluding": "18.2.24.924",
"matchCriteriaId": "2F0FC9C7-0E22-48D2-B2C7-9F9B12E292AD"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/reporting/knowledge-base/command-injection-cve-2024-7840",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-80xx/CVE-2024-8014.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8014",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:16.883",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:54:09.580",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-470"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.2.24.924",
"matchCriteriaId": "474426F7-97C9-4A6C-9C51-6660D20DEB01"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-80xx/CVE-2024-8015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8015",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:17.097",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:55:12.340",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.24.924",
"matchCriteriaId": "6F140E0F-FA02-42EA-9F33-928B6BE6D7B6"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-80xx/CVE-2024-8048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8048",
"sourceIdentifier": "security@progress.com",
"published": "2024-10-09T15:15:17.317",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:56:24.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.2.24.924",
"matchCriteriaId": "474426F7-97C9-4A6C-9C51-6660D20DEB01"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.telerik.com/reporting/knowledge-base/insecure-expression-evaluation-cve-2024-8048",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-81xx/CVE-2024-8198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8198",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-08-28T23:15:06.243",
"lastModified": "2024-08-30T15:52:02.687",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-15T14:35:09.247",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -86,7 +86,7 @@
"description": [
{
"lang": "en",
"value": "CWE-122"
"value": "CWE-120"
}
]
}

51
CVE-2024/CVE-2024-90xx/CVE-2024-9022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9022",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T03:15:02.523",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:34:12.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,26 +51,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:total-soft:ts_poll:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.1",
"matchCriteriaId": "95E21F11-ABAF-4AB6-89E6-D7058065AF93"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/capture0x/Poll-Plugin-SQL-Injection-",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/179414/WordPress-Poll-2.3.6-SQL-Injection.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://total-soft.com/wp-poll/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://wordpress.org/plugins/poll-wp/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d16363d6-ca4b-4de0-abae-a7b07803e2e3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-90xx/CVE-2024-9064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9064",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:04.163",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:11:11.790",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:namogo:elementor_inline_svg:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.0",
"matchCriteriaId": "B987338F-3149-460D-82CB-52CE68D1C85F"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/inline-svg-elementor/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5aab3dea-5d14-4316-9a4c-97b0d30762bf?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-90xx/CVE-2024-9065.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9065",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:04.363",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:14:18.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matbao:wp_helper_premium:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.1",
"matchCriteriaId": "98AB41EA-79AD-4C99-86F2-B9E2F3188028"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-90xx/CVE-2024-9066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9066",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:04.567",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:14:49.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:secretlab:marketing_and_seo_booster:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.10",
"matchCriteriaId": "E24E4AD1-AC68-4EEA-9952-470FC1D85A35"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/marketing-and-seo-booster/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52144ff6-0617-496c-8159-ec5d7bc86f60?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-90xx/CVE-2024-9067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9067",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T03:15:02.740",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:31:21.427",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kainelabs:youzify:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "1.3.0",
"matchCriteriaId": "E56088F5-60E1-4D5D-B334-6F5141FE9744"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-attachments.php#L1183",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e099d8e2-6305-43fc-8807-a37791deb2ff?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-90xx/CVE-2024-9072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9072",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:04.773",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:15:54.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gdpr-extensions:consent_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.0",
"matchCriteriaId": "1A969260-D145-49F5-A2A7-B8A992A203A1"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/gdpr-consent-manager/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce2a9fe-3364-46b5-a6ae-b4feb3e20647?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-90xx/CVE-2024-9074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9074",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T03:15:02.963",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:37:08.363",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:essamamdani:advanced_blocks_pro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.0",
"matchCriteriaId": "DAB2E3C5-3A7B-484D-81B3-BA1C3F826BA5"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/advanced-blocks-pro/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f419d14a-90d1-445a-b629-c2e978c3ab81?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-91xx/CVE-2024-9156.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9156",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-10-10T06:15:11.290",
"lastModified": "2024-10-10T15:35:15.513",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:40:45.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,10 +59,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "2.8.2",
"matchCriteriaId": "3175DE1F-23E6-4CB9-B2AD-DCDF89246856"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e95974f9-1f68-4181-89b0-3559d61cfa93/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

37
CVE-2024/CVE-2024-92xx/CVE-2024-9205.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9205",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:04.980",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:16:53.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,18 +51,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpfactory:maximum_products_per_user_for_woocommerce:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "4.2.9",
"matchCriteriaId": "71A1E24D-822F-4167-8A6D-C48DA11B23E8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/maximum-products-per-user-for-woocommerce/tags/4.2.8/includes/class-alg-wc-mppu-users.php#L836",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3164534/maximum-products-per-user-for-woocommerce/tags/4.2.9/includes/class-alg-wc-mppu-users.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/140c0d22-dc26-4100-a5c0-a2f8a6f98d97?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

42
CVE-2024/CVE-2024-93xx/CVE-2024-9377.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9377",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:05.183",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:18:12.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpfactory:products\\,_order_\\&_customers_export_for_woocommerce:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "AA819A90-AC5C-4F81-B291-26A9027C7B96"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L216",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-woocommerce/tags/2.0.15/includes/class-alg-wc-export-core.php#L220",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3164996/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-94xx/CVE-2024-9457.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9457",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:05.390",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:23:57.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cssjockey:wp_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.7",
"matchCriteriaId": "8BC1CEB1-33A0-4FAE-BF2E-404F622B0383"
}
]
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/cssjockey-add-ons/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-94xx/CVE-2024-9463.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9463",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-10-09T17:15:19.973",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:05:25.997",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -73,10 +105,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.96",
"matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-94xx/CVE-2024-9464.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9464",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-10-09T17:15:20.170",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:06:42.007",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -73,10 +105,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.96",
"matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-94xx/CVE-2024-9465.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9465",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-10-09T17:15:20.287",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:08:08.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -73,10 +105,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.96",
"matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-94xx/CVE-2024-9466.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9466",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-10-09T17:15:20.400",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:08:55.420",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -73,10 +105,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.96",
"matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-94xx/CVE-2024-9467.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9467",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-10-09T17:15:20.517",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:09:13.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
@ -73,10 +105,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.96",
"matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A"
}
]
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-95xx/CVE-2024-9518.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9518",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:05.590",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:25:58.540",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "10FC21CA-67E9-48F5-A3FE-631CC022A9BB"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/functions/user-functions.php?rev=1604604#L47",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-95xx/CVE-2024-9519.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9519",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:05.787",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:26:26.417",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "10FC21CA-67E9-48F5-A3FE-631CC022A9BB"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-post-metaboxes.php?rev=1627771#L62",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-95xx/CVE-2024-9520.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9520",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T03:15:03.177",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:34:59.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -51,22 +71,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0",
"matchCriteriaId": "10FC21CA-67E9-48F5-A3FE-631CC022A9BB"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L186",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L216",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-ajax.php?rev=1627771#L225",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-95xx/CVE-2024-9522.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9522",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:06.013",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:27:41.553",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lagunaisw:wp_users_masquerade:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "D3B9C162-6B8D-484D-B940-CD6485B182D6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-users-masquerade/trunk/masquerade.php?rev=1703860#L162",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-95xx/CVE-2024-9560.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9560",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-06T22:15:02.677",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T15:17:43.570",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4F322E-C5B5-4F9F-8B53-F8CB5A3DB4D4"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.279368",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.279368",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.414475",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-95xx/CVE-2024-9581.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9581",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:06.227",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:28:35.283",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:happyplugins:shortcodes_anywhere:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "4443F76F-A8EA-423C-A889-488549690F75"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-anywhere/trunk/core/shortcodeEverywhere.class.php#L15",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-96xx/CVE-2024-9685.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9685",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-10T02:15:06.440",
"lastModified": "2024-10-10T12:51:56.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-15T14:30:00.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -51,18 +71,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:andreamarinucci:notification_for_telegram:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.2",
"matchCriteriaId": "BF2C7B0B-324A-4EF3-AE62-0281C64DD713"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.3/index.php#L202",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3165615/notification-for-telegram",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-99xx/CVE-2024-9953.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-9953",
"sourceIdentifier": "cret@cert.org",
"published": "2024-10-14T22:15:03.957",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-15T15:15:13.660",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Potential DOS Vulnerability exists in CERT VINCE software prior to version 3.0.8. An authenticated administrative user can inject an arbitrary pickle object as part of a user's profile. This can lead to a potential DoS on the server when the user's profile is accessed. Django server does restrict unpickling from crashing the server."
"value": "A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user\u2019s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations."
},
{
"lang": "es",

72
CVE-2024/CVE-2024-99xx/CVE-2024-9979.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-9979",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-15T14:15:05.817",
"lastModified": "2024-10-15T14:15:05.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-9979",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318646",
"source": "secalert@redhat.com"
},
{
"url": "https://crates.io/crates/pyo3",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/PyO3/pyo3/pull/4590",
"source": "secalert@redhat.com"
},
{
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0378.html",
"source": "secalert@redhat.com"
}
]
}

72
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-15T14:00:18.621893+00:00
2024-10-15T16:00:29.420769+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-15T13:58:19.960000+00:00
2024-10-15T15:35:22.403000+00:00
```
### Last Data Feed Release
@ -33,51 +33,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
265587
265592
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `5`
- [CVE-2024-48278](CVE-2024/CVE-2024-482xx/CVE-2024-48278.json) (`2024-10-15T13:15:11.000`)
- [CVE-2024-48279](CVE-2024/CVE-2024-482xx/CVE-2024-48279.json) (`2024-10-15T13:15:11.083`)
- [CVE-2024-48280](CVE-2024/CVE-2024-482xx/CVE-2024-48280.json) (`2024-10-15T13:15:11.160`)
- [CVE-2024-48282](CVE-2024/CVE-2024-482xx/CVE-2024-48282.json) (`2024-10-15T13:15:11.227`)
- [CVE-2024-48283](CVE-2024/CVE-2024-482xx/CVE-2024-48283.json) (`2024-10-15T13:15:11.283`)
- [CVE-2024-9977](CVE-2024/CVE-2024-99xx/CVE-2024-9977.json) (`2024-10-15T13:15:11.457`)
- [CVE-2024-9986](CVE-2024/CVE-2024-99xx/CVE-2024-9986.json) (`2024-10-15T13:15:11.790`)
- [CVE-2023-31493](CVE-2023/CVE-2023-314xx/CVE-2023-31493.json) (`2024-10-15T15:15:12.393`)
- [CVE-2024-47080](CVE-2024/CVE-2024-470xx/CVE-2024-47080.json) (`2024-10-15T15:15:12.653`)
- [CVE-2024-47771](CVE-2024/CVE-2024-477xx/CVE-2024-47771.json) (`2024-10-15T15:15:12.800`)
- [CVE-2024-48948](CVE-2024/CVE-2024-489xx/CVE-2024-48948.json) (`2024-10-15T14:15:05.280`)
- [CVE-2024-9979](CVE-2024/CVE-2024-99xx/CVE-2024-9979.json) (`2024-10-15T14:15:05.817`)
### CVEs modified in the last Commit
Recently modified CVEs: `352`
Recently modified CVEs: `76`
- [CVE-2024-9918](CVE-2024/CVE-2024-99xx/CVE-2024-9918.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9921](CVE-2024/CVE-2024-99xx/CVE-2024-9921.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9922](CVE-2024/CVE-2024-99xx/CVE-2024-9922.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9923](CVE-2024/CVE-2024-99xx/CVE-2024-9923.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9924](CVE-2024/CVE-2024-99xx/CVE-2024-9924.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9925](CVE-2024/CVE-2024-99xx/CVE-2024-9925.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9936](CVE-2024/CVE-2024-99xx/CVE-2024-9936.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9944](CVE-2024/CVE-2024-99xx/CVE-2024-9944.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9952](CVE-2024/CVE-2024-99xx/CVE-2024-9952.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9953](CVE-2024/CVE-2024-99xx/CVE-2024-9953.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9968](CVE-2024/CVE-2024-99xx/CVE-2024-9968.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9969](CVE-2024/CVE-2024-99xx/CVE-2024-9969.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9970](CVE-2024/CVE-2024-99xx/CVE-2024-9970.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9971](CVE-2024/CVE-2024-99xx/CVE-2024-9971.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9972](CVE-2024/CVE-2024-99xx/CVE-2024-9972.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9973](CVE-2024/CVE-2024-99xx/CVE-2024-9973.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9974](CVE-2024/CVE-2024-99xx/CVE-2024-9974.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9975](CVE-2024/CVE-2024-99xx/CVE-2024-9975.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9976](CVE-2024/CVE-2024-99xx/CVE-2024-9976.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9980](CVE-2024/CVE-2024-99xx/CVE-2024-9980.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9981](CVE-2024/CVE-2024-99xx/CVE-2024-9981.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9982](CVE-2024/CVE-2024-99xx/CVE-2024-9982.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9983](CVE-2024/CVE-2024-99xx/CVE-2024-9983.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9984](CVE-2024/CVE-2024-99xx/CVE-2024-9984.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-9985](CVE-2024/CVE-2024-99xx/CVE-2024-9985.json) (`2024-10-15T12:57:46.880`)
- [CVE-2024-8198](CVE-2024/CVE-2024-81xx/CVE-2024-8198.json) (`2024-10-15T14:35:09.247`)
- [CVE-2024-9022](CVE-2024/CVE-2024-90xx/CVE-2024-9022.json) (`2024-10-15T14:34:12.063`)
- [CVE-2024-9064](CVE-2024/CVE-2024-90xx/CVE-2024-9064.json) (`2024-10-15T14:11:11.790`)
- [CVE-2024-9065](CVE-2024/CVE-2024-90xx/CVE-2024-9065.json) (`2024-10-15T14:14:18.590`)
- [CVE-2024-9066](CVE-2024/CVE-2024-90xx/CVE-2024-9066.json) (`2024-10-15T14:14:49.717`)
- [CVE-2024-9067](CVE-2024/CVE-2024-90xx/CVE-2024-9067.json) (`2024-10-15T14:31:21.427`)
- [CVE-2024-9072](CVE-2024/CVE-2024-90xx/CVE-2024-9072.json) (`2024-10-15T14:15:54.830`)
- [CVE-2024-9074](CVE-2024/CVE-2024-90xx/CVE-2024-9074.json) (`2024-10-15T14:37:08.363`)
- [CVE-2024-9156](CVE-2024/CVE-2024-91xx/CVE-2024-9156.json) (`2024-10-15T14:40:45.093`)
- [CVE-2024-9205](CVE-2024/CVE-2024-92xx/CVE-2024-9205.json) (`2024-10-15T14:16:53.337`)
- [CVE-2024-9377](CVE-2024/CVE-2024-93xx/CVE-2024-9377.json) (`2024-10-15T14:18:12.483`)
- [CVE-2024-9457](CVE-2024/CVE-2024-94xx/CVE-2024-9457.json) (`2024-10-15T14:23:57.307`)
- [CVE-2024-9463](CVE-2024/CVE-2024-94xx/CVE-2024-9463.json) (`2024-10-15T15:05:25.997`)
- [CVE-2024-9464](CVE-2024/CVE-2024-94xx/CVE-2024-9464.json) (`2024-10-15T15:06:42.007`)
- [CVE-2024-9465](CVE-2024/CVE-2024-94xx/CVE-2024-9465.json) (`2024-10-15T15:08:08.037`)
- [CVE-2024-9466](CVE-2024/CVE-2024-94xx/CVE-2024-9466.json) (`2024-10-15T15:08:55.420`)
- [CVE-2024-9467](CVE-2024/CVE-2024-94xx/CVE-2024-9467.json) (`2024-10-15T15:09:13.297`)
- [CVE-2024-9518](CVE-2024/CVE-2024-95xx/CVE-2024-9518.json) (`2024-10-15T14:25:58.540`)
- [CVE-2024-9519](CVE-2024/CVE-2024-95xx/CVE-2024-9519.json) (`2024-10-15T14:26:26.417`)
- [CVE-2024-9520](CVE-2024/CVE-2024-95xx/CVE-2024-9520.json) (`2024-10-15T14:34:59.660`)
- [CVE-2024-9522](CVE-2024/CVE-2024-95xx/CVE-2024-9522.json) (`2024-10-15T14:27:41.553`)
- [CVE-2024-9560](CVE-2024/CVE-2024-95xx/CVE-2024-9560.json) (`2024-10-15T15:17:43.570`)
- [CVE-2024-9581](CVE-2024/CVE-2024-95xx/CVE-2024-9581.json) (`2024-10-15T14:28:35.283`)
- [CVE-2024-9685](CVE-2024/CVE-2024-96xx/CVE-2024-9685.json) (`2024-10-15T14:30:00.483`)
- [CVE-2024-9953](CVE-2024/CVE-2024-99xx/CVE-2024-9953.json) (`2024-10-15T15:15:13.660`)
## Download and Usage

837
_state.csv
View File

File diff suppressed because it is too large Load Diff