Skip to content

Commit

Permalink
4 changes (4 new | 0 updated):
Browse files Browse the repository at this point in the history
      - 4 new CVEs:  CVE-2024-13109, CVE-2024-38764, CVE-2024-38778, CVE-2024-39623
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Jan 2, 2025
1 parent bb2ae66 commit eeb70fd
Show file tree
Hide file tree
Showing 6 changed files with 604 additions and 17 deletions.
161 changes: 161 additions & 0 deletions cves/2024/13xxx/CVE-2024-13109.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-13109",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2025-01-01T11:31:29.255Z",
"datePublished": "2025-01-02T13:00:15.272Z",
"dateUpdated": "2025-01-02T13:00:15.272Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-01-02T13:00:15.272Z"
},
"title": "Beijing Yunfan Internet Technology Yunfan Learning Examination System doc.html improper authorization",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-285",
"lang": "en",
"description": "Improper Authorization"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-266",
"lang": "en",
"description": "Incorrect Privilege Assignment"
}
]
}
],
"affected": [
{
"vendor": "Beijing Yunfan Internet Technology",
"product": "Yunfan Learning Examination System",
"versions": [
{
"version": "1.9.2",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /doc.html. Durch das Beeinflussen mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 6.9,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
}
],
"timeline": [
{
"time": "2025-01-01T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-01-01T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-01-01T12:36:41.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "LVZC (VulDB User)",
"type": "reporter"
}
],
"references": [
{
"url": "https://vuldb.com/?id.289925",
"name": "VDB-289925 | Beijing Yunfan Internet Technology Yunfan Learning Examination System doc.html improper authorization",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/?ctiid.289925",
"name": "VDB-289925 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.467695",
"name": "Submit #467695 | Beijing Yunfan Internet Technology Co., Ltd yfexam-exam 1.9.2 interface leakage",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/qiutiandefeng/yfexam-exam/issues/4",
"tags": [
"issue-tracking"
]
},
{
"url": "https://github.com/qiutiandefeng/yfexam-exam/issues/4#issue-2754670219",
"tags": [
"exploit",
"issue-tracking"
]
}
]
}
}
}
123 changes: 123 additions & 0 deletions cves/2024/38xxx/CVE-2024-38764.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-38764",
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"state": "PUBLISHED",
"assignerShortName": "Patchstack",
"dateReserved": "2024-06-19T12:34:40.590Z",
"datePublished": "2025-01-02T13:00:37.338Z",
"dateUpdated": "2025-01-02T13:00:37.338Z"
},
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/themes",
"defaultStatus": "unaffected",
"packageName": "i-transform",
"product": "i-transform",
"vendor": "Marsian",
"versions": [
{
"lessThanOrEqual": "3.0.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.<p>This issue affects i-transform: from n/a through 3.0.9.</p>"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack",
"dateUpdated": "2025-01-02T13:00:37.338Z"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/theme/i-transform/vulnerability/wordpress-i-transform-theme-3-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}
Loading

0 comments on commit eeb70fd

Please sign in to comment.