diff --git a/cves/2024/12xxx/CVE-2024-12105.json b/cves/2024/12xxx/CVE-2024-12105.json
new file mode 100644
index 000000000000..a3e676e95cb5
--- /dev/null
+++ b/cves/2024/12xxx/CVE-2024-12105.json
@@ -0,0 +1,120 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-12105", + "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", + "state": "PUBLISHED", + "assignerShortName": "ProgressSoftware", + "dateReserved": "2024-12-03T16:20:11.850Z", + "datePublished": "2024-12-31T10:32:08.238Z", + "dateUpdated": "2024-12-31T10:32:08.238Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "affected", + "platforms": [ + "Windows" + ], + "product": "WhatsUp Gold", + "vendor": "Progress Software Corporation", + "versions": [ + { + "lessThan": "2024.0.2", + "status": "affected", + "version": "2023.1.0", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Marcin 'Icewall' Noga of Cisco Talos" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure." + } + ], + "value": "In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure." 
+ } + ], + "impacts": [ + { + "capecId": "CAPEC-126", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-126 Path Traversal" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-22", + "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", + "shortName": "ProgressSoftware", + "dateUpdated": "2024-12-31T10:32:08.238Z" + }, + "references": [ + { + "url": "https://www.progress.com/network-monitoring" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "WhatsUp Gold - SnmpExtendedActiveMonitor path traversal", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/12xxx/CVE-2024-12106.json b/cves/2024/12xxx/CVE-2024-12106.json new file mode 100644 index 000000000000..0e8171cc10c8 --- /dev/null +++ b/cves/2024/12xxx/CVE-2024-12106.json 
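Review bot: `"defaultStatus": "affected"` in the `affected` entry marks every version not matched by the `versions` list as affected, so the fixed release 2024.0.2 and everything after it is reported as vulnerable by tools that evaluate the range, which contradicts the description ("versions released before 2024.0.2"). Setting `"defaultStatus": "unaffected"` keeps 2023.1.0 up to but excluding 2024.0.2 as the only affected span; if releases older than 2023.1.0 are also affected, the range should start at `"version": "0"`. The same pattern is in the CVE-2024-12106 and CVE-2024-12108 records that follow. Separately, the only reference in all three records is the product page `https://www.progress.com/network-monitoring`; a link to the vendor's security bulletin for the CVE would let consumers verify the fixed version.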
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-12106", + "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", + "state": "PUBLISHED", + "assignerShortName": "ProgressSoftware", + "dateReserved": "2024-12-03T16:20:30.450Z", + "datePublished": "2024-12-31T10:32:02.035Z", + "dateUpdated": "2024-12-31T10:32:02.035Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "affected", + "modules": [ + "APIEndpoint" + ], + "platforms": [ + "Windows" + ], + "product": "WhatsUp Gold", + "vendor": "Progress Software Corporation", + "versions": [ + { + "lessThan": "2024.0.2", + "status": "affected", + "version": "2023.1.0", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Batuhan Er (@int20z) of Exploit7.tr" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings." + } + ], + "value": "In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings." 
+ } + ], + "impacts": [ + { + "capecId": "CAPEC-115", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-115 Authentication Bypass" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-306", + "description": "CWE-306 Missing Authentication for Critical Function", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", + "shortName": "ProgressSoftware", + "dateUpdated": "2024-12-31T10:32:02.035Z" + }, + "references": [ + { + "url": "https://www.progress.com/network-monitoring" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "WhatsUp Gold - LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/12xxx/CVE-2024-12108.json b/cves/2024/12xxx/CVE-2024-12108.json new file mode 100644 index 000000000000..2734ff309ca6 --- /dev/null +++ b/cves/2024/12xxx/CVE-2024-12108.json 
@@ -0,0 +1,120 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-12108", + "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", + "state": "PUBLISHED", + "assignerShortName": "ProgressSoftware", + "dateReserved": "2024-12-03T19:30:25.687Z", + "datePublished": "2024-12-31T10:31:56.107Z", + "dateUpdated": "2024-12-31T10:31:56.107Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "affected", + "platforms": [ + "Windows" + ], + "product": "WhatsUp Gold", + "vendor": "Progress Software Corporation", + "versions": [ + { + "lessThan": "2024.0.2", + "status": "affected", + "version": "2023.1.0", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Mike Barber, Software Architect at Progress Software" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API." + } + ], + "value": "In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API." 
+ } + ], + "impacts": [ + { + "capecId": "CAPEC-115", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-115 Authentication Bypass" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-290", + "description": "CWE-290 Authentication Bypass by Spoofing", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", + "shortName": "ProgressSoftware", + "dateUpdated": "2024-12-31T10:31:56.107Z" + }, + "references": [ + { + "url": "https://www.progress.com/network-monitoring" + } + ], + "source": { + "discovery": "INTERNAL" + }, + "title": "WhatsUp Gold - Public API signing key rotation issue", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56209.json b/cves/2024/56xxx/CVE-2024-56209.json new file mode 100644 index 000000000000..dfda027c8f16 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56209.json 
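Review bot: The description ("an attacker can gain access to the WhatsUp Gold server via the public API") does not say what access the attacker needs, while the vector string carries `PR:L`, which assumes a low-privileged account. The other two WhatsUp Gold records in this commit state the precondition ("an authenticated user", "an unauthenticated attacker"), and for a 9.6 scope-changed issue classified as CAPEC-115 Authentication Bypass that precondition decides how the record is triaged. Either the description should name the required privilege, for example `an authenticated low-privileged user can gain access ...`, or the vector should use `PR:N` if no account is needed; which of the two is correct cannot be told from the record.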
@@ -0,0 +1,140 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56209", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:03:36.423Z", + "datePublished": "2024-12-31T10:33:43.176Z", + "dateUpdated": "2024-12-31T10:33:43.176Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Kleo", + "vendor": "SeventhQueen", + "versions": [ + { + "changes": [ + { + "at": "5.4.4", + "status": "unaffected" + } + ], + "lessThan": "5.4.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo allows Reflected XSS.

This issue affects Kleo: from n/a before 5.4.4.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo allows Reflected XSS.This issue affects Kleo: from n/a before 5.4.4." + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:33:43.176Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/kleo/vulnerability/wordpress-kleo-theme-5-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Kleo theme to the latest available version (at least 5.4.4)." + } + ], + "value": "Update the WordPress Kleo theme to the latest available version (at least 5.4.4)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56210.json b/cves/2024/56xxx/CVE-2024-56210.json new file mode 100644 index 000000000000..4e3b7de4cad1 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56210.json @@ -0,0 +1,121 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56210", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:03:36.423Z", + "datePublished": "2024-12-31T10:32:48.853Z", + "dateUpdated": "2024-12-31T10:32:48.853Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Userpro", + "vendor": "DeluxeThemes", + "versions": [ + { + "lessThanOrEqual": "5.1.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.
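Review bot: `"version": "n/a"` with `"versionType": "custom"` gives the affected range no usable lower bound, so automated matchers may be unable to evaluate `"lessThan": "5.4.4"` and fall back to parsing the description text. The CVE record convention for "from the earliest release" is `"version": "0"`. The same value appears in the CVE-2024-56210, -56221, -56223, -56224, -56226, -56228 and -56231 records in this commit. The plain-text `value` also lost the paragraph break that the HTML form has (`Reflected XSS.This issue affects`); a space after the period would keep the two sentences apart.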

This issue affects Userpro: from n/a through 5.1.9.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.This issue affects Userpro: from n/a through 5.1.9." + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:32:48.853Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56221.json b/cves/2024/56xxx/CVE-2024-56221.json new file mode 100644 index 000000000000..2e08d0ee4928 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56221.json 
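Review bot: This record has no `changes` entry and no `solutions` block, so no fixed release appears to have been known at publication, yet `"defaultStatus": "unaffected"` together with `"lessThanOrEqual": "5.1.9"` reports every later version as unaffected. If a fix is not confirmed, `"defaultStatus": "unknown"` states that accurately and keeps scanners from clearing a later release automatically. CVE-2024-56231 (SaasPricing, through 1.1.4) has the same shape.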
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56221", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:03:54.298Z", + "datePublished": "2024-12-31T10:31:42.399Z", + "dateUpdated": "2024-12-31T10:31:42.399Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpmozo-addons-lite-for-elementor", + "product": "WPMozo Addons Lite for Elementor", + "vendor": "Elicus", + "versions": [ + { + "changes": [ + { + "at": "1.3.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Gab (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elicus WPMozo Addons Lite for Elementor allows Stored XSS.

This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.2.0.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elicus WPMozo Addons Lite for Elementor allows Stored XSS.This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.2.0." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:31:42.399Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpmozo-addons-lite-for-elementor/vulnerability/wordpress-wpmozo-addons-lite-for-elementor-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPMozo Addons Lite for Elementor wordpress plugin to the latest available version (at least 1.3.0)." + } + ], + "value": "Update the WordPress WPMozo Addons Lite for Elementor wordpress plugin to the latest available version (at least 1.3.0)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress WPMozo Addons Lite for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56223.json b/cves/2024/56xxx/CVE-2024-56223.json new file mode 100644 index 000000000000..fd5a2532fb59 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56223.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56223", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.338Z", + "datePublished": "2024-12-31T10:30:46.565Z", + "dateUpdated": "2024-12-31T10:30:46.565Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "gulri-slider", + "product": "Gulri Slider", + "vendor": "Fahad Mahmood", + "versions": [ + { + "changes": [ + { + "at": "3.5.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.5.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "thiennv (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Gulri Slider allows Reflected XSS.

This issue affects Gulri Slider: from n/a through 3.5.8.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Gulri Slider allows Reflected XSS.This issue affects Gulri Slider: from n/a through 3.5.8." + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:30:46.565Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/gulri-slider/vulnerability/wordpress-gulri-slider-plugin-3-5-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Gulri Slider plugin to the latest available version (at least 3.5.9)." + } + ], + "value": "Update the WordPress Gulri Slider plugin to the latest available version (at least 3.5.9)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Gulri Slider plugin <= 3.5.8 - Reflected Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56224.json b/cves/2024/56xxx/CVE-2024-56224.json new file mode 100644 index 000000000000..c14524160450 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56224.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56224", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.338Z", + "datePublished": "2024-12-31T10:29:57.649Z", + "dateUpdated": "2024-12-31T10:29:57.649Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ledenbeheer-external-connection", + "product": "Ledenbeheer", + "vendor": "Ledenbeheer", + "versions": [ + { + "changes": [ + { + "at": "2.1.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ledenbeheer allows Stored XSS.

This issue affects Ledenbeheer: from n/a through 2.1.0.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ledenbeheer allows Stored XSS.This issue affects Ledenbeheer: from n/a through 2.1.0." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:29:57.649Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ledenbeheer-external-connection/vulnerability/wordpress-ledenbeheer-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Ledenbeheer plugin to the latest available version (at least 2.1.1)." + } + ], + "value": "Update the WordPress Ledenbeheer plugin to the latest available version (at least 2.1.1)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Ledenbeheer plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56226.json b/cves/2024/56xxx/CVE-2024-56226.json new file mode 100644 index 000000000000..214e6e3d7e0d --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56226.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56226", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.339Z", + "datePublished": "2024-12-31T10:29:08.495Z", + "dateUpdated": "2024-12-31T10:29:08.495Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "royal-elementor-addons", + "product": "Royal Elementor Addons", + "vendor": "WP Royal", + "versions": [ + { + "changes": [ + { + "at": "1.7.1002", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.7.1001", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.

This issue affects Royal Elementor Addons: from n/a through 1.7.1001.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001." + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:29:08.495Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-7-1001-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Royal Elementor Addons plugin to the latest available version (at least 1.7.1002)." + } + ], + "value": "Update the WordPress Royal Elementor Addons plugin to the latest available version (at least 1.7.1002)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56228.json b/cves/2024/56xxx/CVE-2024-56228.json new file mode 100644 index 000000000000..1e1e526fb5b0 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56228.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56228", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.339Z", + "datePublished": "2024-12-31T10:28:22.918Z", + "dateUpdated": "2024-12-31T10:28:22.918Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wish-list-for-woocommerce", + "product": "Wishlist for WooCommerce: Multi Wishlists Per Customer", + "vendor": "WPFactory", + "versions": [ + { + "changes": [ + { + "at": "3.1.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer allows Reflected XSS.

This issue affects Wishlist for WooCommerce: Multi Wishlists Per Customer: from n/a through 3.1.2.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer allows Reflected XSS.This issue affects Wishlist for WooCommerce: Multi Wishlists Per Customer: from n/a through 3.1.2." + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:28:22.918Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wish-list-for-woocommerce/vulnerability/wordpress-wishlist-for-woocommerce-multi-wishlists-per-customer-plugin-3-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin to the latest available version (at least 3.1.3)." 
+ } + ], + "value": "Update the WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin to the latest available version (at least 3.1.3)." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56231.json b/cves/2024/56xxx/CVE-2024-56231.json new file mode 100644 index 000000000000..f6d900e566a1 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56231.json @@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56231", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.340Z", + "datePublished": "2024-12-31T10:27:14.085Z", + "dateUpdated": "2024-12-31T10:27:14.085Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "saaspricing", + "product": "SaasPricing", + "vendor": "Debuggers Studio", + "versions": [ + { + "lessThanOrEqual": "1.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Gab (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS.
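Review bot: The affected range in the CVE-2024-56228 record starts at `"version": "n/a"` with `"versionType": "custom"`, which gives automated version matchers no usable lower bound; the CVE record convention for "from the earliest release" is `"version": "0"`. The same applies to the CVE-2024-56231, CVE-2024-56233 and CVE-2024-56234 records added later in this commit. Separately, the plain-text description `value` runs two sentences together (`Reflected XSS.This issue affects`), where the `text/html` variant keeps them apart. A space after the period would keep the text readable in feeds that show only the plain value.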

This issue affects SaasPricing: from n/a through 1.1.4.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS.This issue affects SaasPricing: from n/a through 1.1.4." + } + ], + "impacts": [ + { + "capecId": "CAPEC-588", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-588 DOM-Based XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:27:14.085Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/saaspricing/vulnerability/wordpress-saaspricing-plugin-1-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress SaasPricing plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56233.json b/cves/2024/56xxx/CVE-2024-56233.json new file mode 100644 index 000000000000..5186c5d06aba --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56233.json 
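Review bot: The reference URL slug in the CVE-2024-56231 record names version 1.1.3 (`wordpress-saaspricing-plugin-1-1-3-cross-site-scripting-xss-vulnerability`) while `lessThanOrEqual` and the title give 1.1.4, so one of the two is probably stale and the upper bound should be confirmed against the advisory. The record also has no `solutions` entry and no `changes` element with an `unaffected` version, unlike CVE-2024-56228 in this commit, so a consumer cannot tell from the record whether a fixed release exists. The CVE-2024-56233 and CVE-2024-56234 records are in the same position. Anyone triaging from this data should check whether a release later than the stated bound exists before assuming an update resolves the issue.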
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56233", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.959Z", + "datePublished": "2024-12-31T10:26:25.270Z", + "dateUpdated": "2024-12-31T10:26:25.270Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "kintpv-connect", + "product": "Kintpv Wooconnect", + "vendor": "Kinhelios", + "versions": [ + { + "lessThanOrEqual": "8.129", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "theviper17 (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinhelios Kintpv Wooconnect allows Stored XSS.

This issue affects Kintpv Wooconnect: from n/a through 8.129.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinhelios Kintpv Wooconnect allows Stored XSS.This issue affects Kintpv Wooconnect: from n/a through 8.129." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:26:25.270Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/kintpv-connect/vulnerability/wordpress-kintpv-wooconnect-plugin-8-129-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Kintpv Wooconnect plugin <= 8.129 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56234.json b/cves/2024/56xxx/CVE-2024-56234.json new file mode 100644 index 000000000000..84a8ae85ae6d --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56234.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56234", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.960Z", + "datePublished": "2024-12-31T10:25:39.128Z", + "dateUpdated": "2024-12-31T10:25:39.128Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "vw-automobile-lite", + "product": "VW Automobile Lite", + "vendor": "VW THEMES", + "versions": [ + { + "lessThanOrEqual": "2.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Fariq Fadillah Gusti Insani (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects VW Automobile Lite: from n/a through 2.1.

" + } + ], + "value": "Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through 2.1." + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:25:39.128Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/vw-automobile-lite/vulnerability/wordpress-vw-automobile-lite-theme-2-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/9xxx/CVE-2024-9355.json b/cves/2024/9xxx/CVE-2024-9355.json index 278d23e17abe..94063a4ab3d8 100644 --- a/cves/2024/9xxx/CVE-2024-9355.json +++ b/cves/2024/9xxx/CVE-2024-9355.json 
@@ -8,7 +8,7 @@ "assignerShortName": "redhat", "dateReserved": "2024-09-30T17:07:30.833Z", "datePublished": "2024-10-01T18:17:29.420Z", - "dateUpdated": "2024-12-30T18:20:26.374Z" + "dateUpdated": "2024-12-31T10:28:33.446Z" }, "containers": { "cna": { @@ -713,7 +713,7 @@ "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "openshift4/ose-aws-efs-csi-driver-container-rhel9", + "packageName": "openshift4/ose-aws-efs-csi-driver-container-rhel8", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" @@ -723,7 +723,7 @@ "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "openshift4/ose-gcp-filestore-csi-driver-rhel9", + "packageName": "openshift4/ose-gcp-filestore-csi-driver-rhel8", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" @@ -733,7 +733,7 @@ "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "openshift4/ose-secrets-store-csi-driver-rhel9", + "packageName": "openshift4/ose-secrets-store-csi-driver-rhel8", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" @@ -763,7 +763,7 @@ "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "openshift4/ose-vertical-pod-autoscaler-rhel9", + "packageName": "openshift4/ose-vertical-pod-autoscaler-rhel8", "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" 
@@ -779,16 +779,6 @@ "cpe:/a:redhat:openshift:4" ] }, - { - "vendor": "Red Hat", - "product": "Red Hat OpenShift Container Platform 4", - "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "openshift4/sriov-network-metrics-exporter-rhel9", - "defaultStatus": "affected", - "cpes": [ - "cpe:/a:redhat:openshift:4" - ] - }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", @@ -1254,7 +1244,7 @@ "providerMetadata": { "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", - "dateUpdated": "2024-12-30T18:20:26.374Z" + "dateUpdated": "2024-12-31T10:28:33.446Z" } }, "adp": [ diff --git a/cves/delta.json b/cves/delta.json index c373e82b0c7f..e5dba5edd29f 100644 --- a/cves/delta.json +++ b/cves/delta.json 
@@ -1,56 +1,93 @@ { - "fetchTime": "2024-12-31T10:25:09.334Z", - "numberOfChanges": 8, + "fetchTime": "2024-12-31T10:34:35.425Z", + "numberOfChanges": 14, "new": [ { - "cveId": "CVE-2024-56215", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56215", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56215.json", - "dateUpdated": "2024-12-31T10:17:30.410Z" + "cveId": "CVE-2024-12105", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12105", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12105.json", + "dateUpdated": "2024-12-31T10:32:08.238Z" }, { - "cveId": "CVE-2024-56217", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56217", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56217.json", - "dateUpdated": "2024-12-31T10:21:50.815Z" + "cveId": "CVE-2024-12106", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12106", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12106.json", + "dateUpdated": "2024-12-31T10:32:02.035Z" }, { - "cveId": "CVE-2024-56219", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56219", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56219.json", - "dateUpdated": "2024-12-31T10:22:42.089Z" + "cveId": "CVE-2024-12108", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12108", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12108.json", + "dateUpdated": "2024-12-31T10:31:56.107Z" }, { - "cveId": "CVE-2024-56225", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56225", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56225.json", - "dateUpdated": "2024-12-31T10:23:45.323Z" + "cveId": "CVE-2024-56209", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56209", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56209.json", + "dateUpdated": "2024-12-31T10:33:43.176Z" }, { - "cveId": "CVE-2024-56227", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56227", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56227.json", - "dateUpdated": "2024-12-31T10:24:38.211Z" + "cveId": "CVE-2024-56210", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56210", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56210.json", + "dateUpdated": "2024-12-31T10:32:48.853Z" }, { - "cveId": "CVE-2024-56235", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56235", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56235.json", - "dateUpdated": "2024-12-31T10:16:40.490Z" + "cveId": "CVE-2024-56221", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56221", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56221.json", + "dateUpdated": "2024-12-31T10:31:42.399Z" }, { - "cveId": "CVE-2024-56256", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56256", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56256.json", - "dateUpdated": "2024-12-31T10:15:36.923Z" + "cveId": "CVE-2024-56223", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56223", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56223.json", + "dateUpdated": "2024-12-31T10:30:46.565Z" }, { - "cveId": "CVE-2024-56265", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56265", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56265.json", - 
"dateUpdated": "2024-12-31T10:14:03.679Z" + "cveId": "CVE-2024-56224", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56224", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56224.json", + "dateUpdated": "2024-12-31T10:29:57.649Z" + }, + { + "cveId": "CVE-2024-56226", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56226", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56226.json", + "dateUpdated": "2024-12-31T10:29:08.495Z" + }, + { + "cveId": "CVE-2024-56228", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56228", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56228.json", + "dateUpdated": "2024-12-31T10:28:22.918Z" + }, + { + "cveId": "CVE-2024-56231", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56231", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56231.json", + "dateUpdated": "2024-12-31T10:27:14.085Z" + }, + { + "cveId": "CVE-2024-56233", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56233", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56233.json", + "dateUpdated": "2024-12-31T10:26:25.270Z" + }, + { + "cveId": "CVE-2024-56234", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56234", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56234.json", + "dateUpdated": "2024-12-31T10:25:39.128Z" + } + ], + "updated": [ + { + "cveId": "CVE-2024-9355", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9355", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9355.json", + "dateUpdated": "2024-12-31T10:28:33.446Z" } ], - "updated": [], "error": [] } \ No newline at end of file 
diff --git a/cves/deltaLog.json b/cves/deltaLog.json index 4d597a2b3284..090e59c8c812 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json 
@@ -1,4 +1,97 @@ [ + { + "fetchTime": "2024-12-31T10:34:35.425Z", + "numberOfChanges": 14, + "new": [ + { + "cveId": "CVE-2024-12105", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12105", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12105.json", + "dateUpdated": "2024-12-31T10:32:08.238Z" + }, + { + "cveId": "CVE-2024-12106", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12106", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12106.json", + "dateUpdated": "2024-12-31T10:32:02.035Z" + }, + { + "cveId": "CVE-2024-12108", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12108", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12108.json", + "dateUpdated": "2024-12-31T10:31:56.107Z" + }, + { + "cveId": "CVE-2024-56209", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56209", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56209.json", + "dateUpdated": "2024-12-31T10:33:43.176Z" + }, + { + "cveId": "CVE-2024-56210", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56210", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56210.json", + "dateUpdated": "2024-12-31T10:32:48.853Z" + }, + { + "cveId": "CVE-2024-56221", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56221", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56221.json", + "dateUpdated": "2024-12-31T10:31:42.399Z" + }, + { + "cveId": "CVE-2024-56223", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56223", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56223.json", + "dateUpdated": "2024-12-31T10:30:46.565Z" + }, + { + "cveId": "CVE-2024-56224", + "cveOrgLink": 
"https://www.cve.org/CVERecord?id=CVE-2024-56224", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56224.json", + "dateUpdated": "2024-12-31T10:29:57.649Z" + }, + { + "cveId": "CVE-2024-56226", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56226", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56226.json", + "dateUpdated": "2024-12-31T10:29:08.495Z" + }, + { + "cveId": "CVE-2024-56228", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56228", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56228.json", + "dateUpdated": "2024-12-31T10:28:22.918Z" + }, + { + "cveId": "CVE-2024-56231", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56231", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56231.json", + "dateUpdated": "2024-12-31T10:27:14.085Z" + }, + { + "cveId": "CVE-2024-56233", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56233", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56233.json", + "dateUpdated": "2024-12-31T10:26:25.270Z" + }, + { + "cveId": "CVE-2024-56234", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56234", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56234.json", + "dateUpdated": "2024-12-31T10:25:39.128Z" + } + ], + "updated": [ + { + "cveId": "CVE-2024-9355", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9355", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9355.json", + "dateUpdated": "2024-12-31T10:28:33.446Z" + } + ], + "error": [] + }, { "fetchTime": "2024-12-31T10:25:09.334Z", "numberOfChanges": 8,