diff --git a/cves/2024/13xxx/CVE-2024-13109.json b/cves/2024/13xxx/CVE-2024-13109.json new file mode 100644 index 000000000000..4af3af50ab48 --- /dev/null +++ b/cves/2024/13xxx/CVE-2024-13109.json @@ -0,0 +1,161 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-13109", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2025-01-01T11:31:29.255Z", + "datePublished": "2025-01-02T13:00:15.272Z", + "dateUpdated": "2025-01-02T13:00:15.272Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2025-01-02T13:00:15.272Z" + }, + "title": "Beijing Yunfan Internet Technology Yunfan Learning Examination System doc.html improper authorization", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-285", + "lang": "en", + "description": "Improper Authorization" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-266", + "lang": "en", + "description": "Incorrect Privilege Assignment" + } + ] + } + ], + "affected": [ + { + "vendor": "Beijing Yunfan Internet Technology", + "product": "Yunfan Learning Examination System", + "versions": [ + { + "version": "1.9.2", + "status": "affected" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "de", + "value": "Eine Schwachstelle wurde in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /doc.html. Durch das Beeinflussen mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." + } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 6.9, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + } + } + ], + "timeline": [ + { + "time": "2025-01-01T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2025-01-01T01:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2025-01-01T12:36:41.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "LVZC (VulDB User)", + "type": "reporter" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.289925", + "name": "VDB-289925 | Beijing Yunfan Internet Technology Yunfan Learning Examination System doc.html improper authorization", + "tags": [ + "vdb-entry" + ] + }, + { + "url": "https://vuldb.com/?ctiid.289925", + "name": "VDB-289925 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://vuldb.com/?submit.467695", + "name": "Submit #467695 | Beijing Yunfan Internet Technology Co., Ltd yfexam-exam 1.9.2 interface leakage", + "tags": [ + "third-party-advisory" + ] + }, + { + "url": "https://github.com/qiutiandefeng/yfexam-exam/issues/4", + "tags": [ + "issue-tracking" + ] + }, + { + "url": "https://github.com/qiutiandefeng/yfexam-exam/issues/4#issue-2754670219", + "tags": [ + "exploit", + "issue-tracking" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38764.json b/cves/2024/38xxx/CVE-2024-38764.json new file mode 100644 index 000000000000..5f2ac9b7b9bb --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38764.json @@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38764", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T12:34:40.590Z", + "datePublished": "2025-01-02T13:00:37.338Z", + "dateUpdated": "2025-01-02T13:00:37.338Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "i-transform", + "product": "i-transform", + "vendor": "Marsian", + "versions": [ + { + "lessThanOrEqual": "3.0.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.

This issue affects i-transform: from n/a through 3.0.9.

" + } + ], + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9." + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T13:00:37.338Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/i-transform/vulnerability/wordpress-i-transform-theme-3-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38778.json b/cves/2024/38xxx/CVE-2024-38778.json new file mode 100644 index 000000000000..c1c67c2938d8 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38778.json @@ -0,0 +1,131 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38778", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T12:35:00.610Z", + "datePublished": "2025-01-02T12:58:33.218Z", + "dateUpdated": "2025-01-02T12:58:33.218Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "fulltext-search", + "product": "WP Fast Total Search", + "vendor": "Epsiloncool", + "versions": [ + { + "changes": [ + { + "at": "1.70.236", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.69.234", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search.

This issue affects WP Fast Total Search: from n/a through 1.69.234.

" + } + ], + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search.This issue affects WP Fast Total Search: from n/a through 1.69.234." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:58:33.218Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/fulltext-search/vulnerability/wordpress-wp-fast-total-search-1-69-234-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP Fast Total Search plugin to the latest available version (at least 1.70.236)." + } + ], + "value": "Update the WordPress WP Fast Total Search plugin to the latest available version (at least 1.70.236)." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress WP Fast Total Search <= 1.69.234 - Cross Site Request Forgery (CSRF) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39623.json b/cves/2024/39xxx/CVE-2024-39623.json new file mode 100644 index 000000000000..f43e4c85f036 --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39623.json @@ -0,0 +1,140 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39623", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-26T21:17:39.688Z", + "datePublished": "2025-01-02T12:56:23.968Z", + "dateUpdated": "2025-01-02T12:56:23.968Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "ListingPro", + "vendor": "CridioStudio", + "versions": [ + { + "changes": [ + { + "at": "2.9.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.9.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.

This issue affects ListingPro: from n/a through 2.9.4.

" + } + ], + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4." + } + ], + "impacts": [ + { + "capecId": "CAPEC-115", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-115 Authentication Bypass" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:56:23.968Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/listingpro/vulnerability/wordpress-listingpro-theme-2-9-3-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. No reply from the vendor." + } + ], + "value": "No patched version is available. No reply from the vendor." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index 56158f9acbc5..45fbfecff539 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,30 +1,30 @@ { - "fetchTime": "2025-01-02T12:33:42.276Z", + "fetchTime": "2025-01-02T13:02:23.955Z", "numberOfChanges": 4, "new": [ { - "cveId": "CVE-2024-13108", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13108", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13108.json", - "dateUpdated": "2025-01-02T12:31:05.759Z" + "cveId": "CVE-2024-13109", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13109", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13109.json", + "dateUpdated": "2025-01-02T13:00:15.272Z" }, { - "cveId": "CVE-2024-56014", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56014", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56014.json", - "dateUpdated": "2025-01-02T12:25:45.625Z" + "cveId": "CVE-2024-38764", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38764", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38764.json", + "dateUpdated": "2025-01-02T13:00:37.338Z" }, { - "cveId": "CVE-2024-56257", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56257", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56257.json", - "dateUpdated": "2025-01-02T12:23:45.655Z" + "cveId": "CVE-2024-38778", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38778", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38778.json", + "dateUpdated": "2025-01-02T12:58:33.218Z" }, { - "cveId": "CVE-2024-56268", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56268", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56268.json", - "dateUpdated": "2025-01-02T12:22:08.760Z" + "cveId": "CVE-2024-39623", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39623", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39623.json", + "dateUpdated": "2025-01-02T12:56:23.968Z" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index ed0defb55b0f..181f71f6ee6f 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,36 @@ [ + { + "fetchTime": "2025-01-02T13:02:23.955Z", + "numberOfChanges": 4, + "new": [ + { + "cveId": "CVE-2024-13109", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13109", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13109.json", + "dateUpdated": "2025-01-02T13:00:15.272Z" + }, + { + "cveId": "CVE-2024-38764", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38764", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38764.json", + "dateUpdated": "2025-01-02T13:00:37.338Z" + }, + { + "cveId": "CVE-2024-38778", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38778", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38778.json", + "dateUpdated": "2025-01-02T12:58:33.218Z" + }, + { + "cveId": "CVE-2024-39623", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39623", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39623.json", + "dateUpdated": "2025-01-02T12:56:23.968Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2025-01-02T12:33:42.276Z", "numberOfChanges": 4,