-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-10-10T04:00:16.934414+00:00
- Loading branch information
1 parent
dcd3a0f
commit dc4c4e8
Showing
27 changed files
with
1,489 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,13 +2,20 @@ | |
"id": "CVE-2024-28125", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-03-18T08:15:06.347", | ||
"lastModified": "2024-08-28T16:35:19.333", | ||
"lastModified": "2024-10-10T02:15:02.830", | ||
"vulnStatus": "Awaiting Analysis", | ||
"cveTags": [], | ||
"cveTags": [ | ||
{ | ||
"sourceIdentifier": "[email protected]", | ||
"tags": [ | ||
"disputed" | ||
] | ||
} | ||
], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands." | ||
"value": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation." | ||
}, | ||
{ | ||
"lang": "es", | ||
|
@@ -40,6 +47,16 @@ | |
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-78" | ||
} | ||
] | ||
}, | ||
{ | ||
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | ||
"type": "Secondary", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
{ | ||
"id": "CVE-2024-48957", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-10T02:15:02.990", | ||
"lastModified": "2024-10-10T02:15:02.990", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst." | ||
} | ||
], | ||
"metrics": {}, | ||
"references": [ | ||
{ | ||
"url": "https:/libarchive/libarchive/compare/v3.7.4...v3.7.5", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https:/libarchive/libarchive/pull/2149", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
{ | ||
"id": "CVE-2024-48958", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-10T02:15:03.057", | ||
"lastModified": "2024-10-10T02:15:03.057", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst." | ||
} | ||
], | ||
"metrics": {}, | ||
"references": [ | ||
{ | ||
"url": "https:/libarchive/libarchive/compare/v3.7.4...v3.7.5", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https:/libarchive/libarchive/pull/2148", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
{ | ||
"id": "CVE-2024-7048", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-10T02:15:03.113", | ||
"lastModified": "2024-10-10T02:15:03.113", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV30": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.0", | ||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "LOW", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "LOW", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "LOW", | ||
"baseScore": 6.3, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 2.8, | ||
"impactScore": 3.4 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-269" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
{ | ||
"id": "CVE-2024-8477", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-10T03:15:02.300", | ||
"lastModified": "2024-10-10T03:15:02.300", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "REQUIRED", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "NONE", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE", | ||
"baseScore": 4.3, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 2.8, | ||
"impactScore": 1.4 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-352" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://plugins.trac.wordpress.org/changeset/3165451/mailin/tags/3.1.88/page/page-home.php", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e070b422-9036-4362-832b-43fd4838f394?source=cve", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
{ | ||
"id": "CVE-2024-8513", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-10T02:15:03.323", | ||
"lastModified": "2024-10-10T02:15:03.323", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "The QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "NONE", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE", | ||
"baseScore": 5.3, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 3.9, | ||
"impactScore": 1.4 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-862" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://plugins.trac.wordpress.org/browser/qa-heatmap-analytics/trunk/class-qahm-admin-page-config.php#L801", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=cve", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
{ | ||
"id": "CVE-2024-8729", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-10-10T02:15:03.550", | ||
"lastModified": "2024-10-10T02:15:03.550", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "REQUIRED", | ||
"scope": "CHANGED", | ||
"confidentialityImpact": "LOW", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE", | ||
"baseScore": 6.1, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 2.8, | ||
"impactScore": 2.7 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-79" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://plugins.trac.wordpress.org/browser/easy-social-share-buttons/trunk/includes/class-easy-social-share-buttons-settings.php#L271", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b616bb6c-0861-4920-a589-f2c5bb819164?source=cve", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
Oops, something went wrong.