Auto-Update: 2024-10-08T12:00:19.348672+00:00
1 parent
1fbdbff
commit 37e74a7
Showing
16 changed files
with
731 additions
and
122 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,8 +2,8 @@ | |
"id": "CVE-2023-26315", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-08-26T12:15:05.387", | ||
"lastModified": "2024-09-06T22:25:54.637", | ||
"vulnStatus": "Analyzed", | ||
"lastModified": "2024-10-08T10:15:03.300", | ||
"vulnStatus": "Modified", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
|
@@ -69,6 +69,16 @@ | |
"value": "CWE-77" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-78" | ||
} | ||
] | ||
} | ||
], | ||
"configurations": [ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,13 +2,13 @@ | |
"id": "CVE-2023-26317", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2023-08-02T14:15:10.407", | ||
"lastModified": "2023-08-07T16:18:22.053", | ||
"vulnStatus": "Analyzed", | ||
"lastModified": "2024-10-08T10:15:03.907", | ||
"vulnStatus": "Modified", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device." | ||
"value": "Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing." | ||
} | ||
], | ||
"metrics": { | ||
|
@@ -32,6 +32,26 @@ | |
}, | ||
"exploitabilityScore": 3.9, | ||
"impactScore": 5.9 | ||
}, | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "HIGH", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "LOW", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "LOW", | ||
"baseScore": 7.0, | ||
"baseSeverity": "HIGH" | ||
}, | ||
"exploitabilityScore": 2.2, | ||
"impactScore": 4.7 | ||
} | ||
] | ||
}, | ||
|
@@ -45,6 +65,16 @@ | |
"value": "CWE-77" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-78" | ||
} | ||
] | ||
} | ||
], | ||
"configurations": [ | ||
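Review bot: The added `Secondary` CVSS 3.1 entry scores this record 7.0 HIGH (`AC:H`, `C:L/I:H/A:L`), while the entry kept just above it carries exploitability 3.9 and impact 5.9 sub-scores, so the record now holds two materially different severity assessments. Consumers that take the first element of the metric list, or the maximum, will rank this router flaw differently from consumers that prefer the CNA score; selection should key on `type` and `source` rather than array position. The rewritten description also appears to drop the earlier statement about remote code execution and complete device compromise (direction inferred from the old-then-new print order, which matches the `lastModified` pair), so text-based triage rules that looked for that wording will stop matching. `vulnStatus` moving from `Analyzed` to `Modified` suggests the existing analysis predates these CNA edits and should be read with that in mind.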
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
"id": "CVE-2023-26319", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2023-10-11T07:15:10.103", | ||
"lastModified": "2024-10-08T09:15:08.063", | ||
"lastModified": "2024-10-08T10:15:04.190", | ||
"vulnStatus": "Modified", | ||
"cveTags": [], | ||
"descriptions": [ | ||
|
@@ -76,7 +76,7 @@ | |
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-78" | ||
"value": "CWE-120" | ||
} | ||
] | ||
} | ||
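Review bot: The weakness value in the second hunk appears to move from `CWE-78` (OS command injection) to `CWE-120` (buffer copy without checking size of input), and the CVE-2023-26320 section that follows makes the same kind of swap from `CWE-77`; the direction is inferred from print order, which matches the `lastModified` pair in the first hunk. That is a change of vulnerability class rather than a refinement, so CWE-keyed dashboards, detection mappings and prioritisation rules will re-bucket both records. The hunk shows neither the entry's `source`/`type` nor the description text, so it cannot be confirmed from here that the description still agrees with the new class; the full record is worth checking before relying on the CWE field.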
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,8 +2,8 @@ | |
"id": "CVE-2023-26320", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2023-10-11T07:15:10.257", | ||
"lastModified": "2023-10-16T19:04:10.920", | ||
"vulnStatus": "Analyzed", | ||
"lastModified": "2024-10-08T10:15:04.293", | ||
"vulnStatus": "Modified", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
|
@@ -76,7 +76,7 @@ | |
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-77" | ||
"value": "CWE-120" | ||
} | ||
] | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
{ | ||
"id": "CVE-2024-3506", | ||
"sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8", | ||
"published": "2024-10-08T10:15:04.417", | ||
"lastModified": "2024-10-08T10:15:04.417", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV40": [ | ||
{ | ||
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "4.0", | ||
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", | ||
"attackVector": "ADJACENT", | ||
"attackComplexity": "HIGH", | ||
"attackRequirements": "PRESENT", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "ACTIVE", | ||
"vulnerableSystemConfidentiality": "HIGH", | ||
"vulnerableSystemIntegrity": "HIGH", | ||
"vulnerableSystemAvailability": "LOW", | ||
"subsequentSystemConfidentiality": "LOW", | ||
"subsequentSystemIntegrity": "LOW", | ||
"subsequentSystemAvailability": "LOW", | ||
"exploitMaturity": "NOT_DEFINED", | ||
"confidentialityRequirements": "NOT_DEFINED", | ||
"integrityRequirements": "NOT_DEFINED", | ||
"availabilityRequirements": "NOT_DEFINED", | ||
"modifiedAttackVector": "NOT_DEFINED", | ||
"modifiedAttackComplexity": "NOT_DEFINED", | ||
"modifiedAttackRequirements": "NOT_DEFINED", | ||
"modifiedPrivilegesRequired": "NOT_DEFINED", | ||
"modifiedUserInteraction": "NOT_DEFINED", | ||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", | ||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED", | ||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", | ||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", | ||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", | ||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", | ||
"safety": "NOT_DEFINED", | ||
"automatable": "NOT_DEFINED", | ||
"recovery": "NOT_DEFINED", | ||
"valueDensity": "NOT_DEFINED", | ||
"vulnerabilityResponseEffort": "NOT_DEFINED", | ||
"providerUrgency": "NOT_DEFINED", | ||
"baseScore": 7.3, | ||
"baseSeverity": "HIGH" | ||
} | ||
} | ||
], | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", | ||
"attackVector": "ADJACENT_NETWORK", | ||
"attackComplexity": "HIGH", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "REQUIRED", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "LOW", | ||
"baseScore": 6.7, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 1.2, | ||
"impactScore": 5.5 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-120" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000065801&lang=en_US", | ||
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8" | ||
} | ||
] | ||
} |
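Review bot: This new record has no `configurations` block and its `vulnStatus` is `Received`, so scanners that match on CPE will not associate it with any installed product yet; the same holds for the CVE-2024-8422 and CVE-2024-8433 records added later in this commit. Until enrichment arrives, matching has to rely on the product name in the description (XProtect Device Pack) and on the vendor reference. Both metric entries are `Secondary` and they disagree on the bucket, 7.3 HIGH under CVSS 4.0 versus 6.7 MEDIUM under 3.1, so a threshold set at HIGH fires or not depending on which version the consumer reads.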
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
"id": "CVE-2024-45277", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-08T04:15:08.133", | ||
"lastModified": "2024-10-08T04:15:08.133", | ||
"lastModified": "2024-10-08T10:15:04.770", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
|
@@ -55,6 +55,10 @@ | |
{ | ||
"url": "https://url.sap/sapsecuritypatchday", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://www.npmjs.com/package/@sap/hana-client?activeTab=code", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
{ | ||
"id": "CVE-2024-8422", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-08T10:15:04.880", | ||
"lastModified": "2024-10-08T10:15:04.880", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial\nof service and loss of confidentiality & integrity when application user opens a malicious Zelio\nSoft 2 project file." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", | ||
"attackVector": "LOCAL", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "REQUIRED", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "HIGH", | ||
"baseScore": 7.8, | ||
"baseSeverity": "HIGH" | ||
}, | ||
"exploitabilityScore": 1.8, | ||
"impactScore": 5.9 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-416" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
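Review bot: The description value embeds literal `\n` escapes in the middle of sentences (`denial\nof service`, `Zelio\nSoft 2`), so the product name is split across lines once the string is parsed. A keyword or regex match on `Zelio Soft 2` against the description will miss this record unless whitespace is normalised first; the text would be cleaner with plain spaces, `denial of service` and `Zelio Soft 2 project file`. The affected version range is not stated in the record itself, only the SEVD-2024-282-06 notice is referenced, so version-based triage needs that document.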
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
{ | ||
"id": "CVE-2024-8433", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-08T10:15:05.110", | ||
"lastModified": "2024-10-08T10:15:05.110", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "LOW", | ||
"userInteraction": "NONE", | ||
"scope": "CHANGED", | ||
"confidentialityImpact": "LOW", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE", | ||
"baseScore": 6.4, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 3.1, | ||
"impactScore": 2.7 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-79" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://plugins.trac.wordpress.org/browser/themehunk-megamenu-plus/tags/1.1.0/views/admin/item_settings.php?rev=3156084#L196", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://plugins.trac.wordpress.org/browser/themehunk-megamenu-plus/trunk/inc/megamenu-base.php#L35", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3163871%40themehunk-megamenu-plus&new=3163871%40themehunk-megamenu-plus&sfp_email=&sfph_mail=#file21", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc661cfd-6290-4b36-858a-cf2269b5fcf9?source=cve", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
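Review bot: The description says all versions up to and including 1.1.0 are affected and, in its last sentence, that the issue was only partially fixed in 1.1.0; no fully fixed version is named, so 1.1.0 should still be treated as vulnerable when this record is used for patch verification. The parameter name is opened with `\u2018` and closed with an ASCII apostrophe, which breaks tooling that extracts quoted identifiers by matching quote pairs; `\u2018themehunk_megamenu_bg_image\u2019` would be consistent.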