Auto-Update: 2024-10-10T04:00:16.934414+00:00

CVE-2024/CVE-2024-281xx/CVE-2024-28125.json

@@ -2,13 +2,20 @@
  "id": "CVE-2024-28125",
  "sourceIdentifier": "[email protected]",
  "published": "2024-03-18T08:15:06.347",
- "lastModified": "2024-08-28T16:35:19.333",
+ "lastModified": "2024-10-10T02:15:02.830",
  "vulnStatus": "Awaiting Analysis",
- "cveTags": [],
+ "cveTags": [
+ {
+ "sourceIdentifier": "[email protected]",
+ "tags": [
+ "disputed"
+ ]
+ }
+ ],
  "descriptions": [
  {
  "lang": "en",
- "value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands."
+ "value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation."
  },
  {
  "lang": "es",
@@ -40,6 +47,16 @@
  ]
  },
  "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
  {
  "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
  "type": "Secondary",

CVE-2024/CVE-2024-489xx/CVE-2024-48957.json

@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-48957",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-10T02:15:02.990",
+ "lastModified": "2024-10-10T02:15:02.990",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https:/libarchive/libarchive/compare/v3.7.4...v3.7.5",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https:/libarchive/libarchive/pull/2149",
+ "source": "[email protected]"
+ }
+ ]
+}

CVE-2024/CVE-2024-489xx/CVE-2024-48958.json

@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-48958",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-10T02:15:03.057",
+ "lastModified": "2024-10-10T02:15:03.057",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https:/libarchive/libarchive/compare/v3.7.4...v3.7.5",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https:/libarchive/libarchive/pull/2148",
+ "source": "[email protected]"
+ }
+ ]
+}

CVE-2024/CVE-2024-70xx/CVE-2024-7048.json

@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-7048",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-10T02:15:03.113",
+ "lastModified": "2024-10-10T02:15:03.113",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560",
+ "source": "[email protected]"
+ }
+ ]
+}

CVE-2024/CVE-2024-84xx/CVE-2024-8477.json

@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8477",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-10T03:15:02.300",
+ "lastModified": "2024-10-10T03:15:02.300",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3165451/mailin/tags/3.1.88/page/page-home.php",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e070b422-9036-4362-832b-43fd4838f394?source=cve",
+ "source": "[email protected]"
+ }
+ ]
+}

CVE-2024/CVE-2024-85xx/CVE-2024-8513.json

@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8513",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-10T02:15:03.323",
+ "lastModified": "2024-10-10T02:15:03.323",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/qa-heatmap-analytics/trunk/class-qahm-admin-page-config.php#L801",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=cve",
+ "source": "[email protected]"
+ }
+ ]
+}

CVE-2024/CVE-2024-87xx/CVE-2024-8729.json

@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8729",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-10T02:15:03.550",
+ "lastModified": "2024-10-10T02:15:03.550",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/easy-social-share-buttons/trunk/includes/class-easy-social-share-buttons-settings.php#L271",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b616bb6c-0861-4920-a589-f2c5bb819164?source=cve",
+ "source": "[email protected]"
+ }
+ ]
+}