Skip to content

Commit

Permalink
Auto-Update: 2024-12-13T19:00:27.850419+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Dec 13, 2024
1 parent 2ce8d16 commit 2329bf4
Show file tree
Hide file tree
Showing 106 changed files with 7,080 additions and 914 deletions.
6 changes: 3 additions & 3 deletions CVE-2022/CVE-2022-19xx/CVE-2022-1949.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"id": "CVE-2022-1949",
"sourceIdentifier": "[email protected]",
"published": "2022-06-02T14:15:34.257",
"lastModified": "2024-11-21T06:41:49.047",
"lastModified": "2024-12-13T18:47:19.243",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
Expand Down Expand Up @@ -85,10 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:port389:389-ds-base:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3.0.0",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "D3EB72E8-108F-4A60-80B3-1BEF979E6384"
"matchCriteriaId": "A6C73360-00B0-4F00-9985-2498BDB2749C"
}
]
}
Expand Down
4 changes: 2 additions & 2 deletions CVE-2024/CVE-2024-116xx/CVE-2024-11691.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@
"id": "CVE-2024-11691",
"sourceIdentifier": "[email protected]",
"published": "2024-11-26T14:15:18.633",
"lastModified": "2024-12-13T14:15:20.863",
"lastModified": "2024-12-13T17:15:05.813",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. \n*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Firefox ESR < 115.18."
"value": "Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. \n*This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18."
},
{
"lang": "es",
Expand Down
4 changes: 2 additions & 2 deletions CVE-2024/CVE-2024-116xx/CVE-2024-11694.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@
"id": "CVE-2024-11694",
"sourceIdentifier": "[email protected]",
"published": "2024-11-26T14:15:18.943",
"lastModified": "2024-12-13T14:15:21.053",
"lastModified": "2024-12-13T17:15:05.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Firefox ESR < 115.18."
"value": "Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18."
},
{
"lang": "es",
Expand Down
91 changes: 84 additions & 7 deletions CVE-2024/CVE-2024-124xx/CVE-2024-12479.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,17 @@
"id": "CVE-2024-12479",
"sourceIdentifier": "[email protected]",
"published": "2024-12-12T01:40:28.927",
"lastModified": "2024-12-12T01:40:28.927",
"vulnStatus": "Received",
"lastModified": "2024-12-13T17:10:45.860",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en cjbi wetech-cms 1.0/1.1/1.2 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a la funci\u00f3n searchTopicByKeyword del archivo wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. La manipulaci\u00f3n de la palabra clave del argumento conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
Expand Down Expand Up @@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
Expand Down Expand Up @@ -107,7 +131,7 @@
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
Expand All @@ -118,24 +142,77 @@
"value": "CWE-89"
}
]
},
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjbi:wetech-cms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F93C4E14-1A90-4E82-B7F8-C96D2B3CAE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjbi:wetech-cms:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83600CAC-6027-40A5-8BBF-DDED8A755401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjbi:wetech-cms:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFB2214-D771-4960-AB53-2AD9B2F45CCF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-1/SQL_injection_vulnerability.md",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287861",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287861",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.458849",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
91 changes: 84 additions & 7 deletions CVE-2024/CVE-2024-124xx/CVE-2024-12480.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,17 @@
"id": "CVE-2024-12480",
"sourceIdentifier": "[email protected]",
"published": "2024-12-12T01:40:29.110",
"lastModified": "2024-12-12T01:40:29.110",
"vulnStatus": "Received",
"lastModified": "2024-12-13T17:11:08.800",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en cjbi wetech-cms 1.0/1.1/1.2. Se ha clasificado como cr\u00edtica. La funci\u00f3n searchTopic del archivo wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java est\u00e1 afectada. La manipulaci\u00f3n del argumento con conduce a una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
Expand Down Expand Up @@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
Expand Down Expand Up @@ -107,7 +131,7 @@
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
Expand All @@ -118,24 +142,77 @@
"value": "CWE-89"
}
]
},
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjbi:wetech-cms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F93C4E14-1A90-4E82-B7F8-C96D2B3CAE4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjbi:wetech-cms:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83600CAC-6027-40A5-8BBF-DDED8A755401"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cjbi:wetech-cms:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFB2214-D771-4960-AB53-2AD9B2F45CCF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-2/SQL_injection_vulnerability.md",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287862",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287862",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.458851",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Loading

0 comments on commit 2329bf4

Please sign in to comment.