Commit
Auto-Update: 2024-12-17T07:00:20.452212+00:00
1 parent
080c4b3
commit 69b5cd8
Showing
7 changed files
with
344 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
{ | ||
"id": "CVE-2024-12356", | ||
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", | ||
"published": "2024-12-17T05:15:06.413", | ||
"lastModified": "2024-12-17T05:15:06.413", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "13061848-ea10-403d-bd75-c83a022c2891", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | ||
"baseScore": 9.8, | ||
"baseSeverity": "CRITICAL", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "HIGH" | ||
}, | ||
"exploitabilityScore": 3.9, | ||
"impactScore": 5.9 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "13061848-ea10-403d-bd75-c83a022c2891", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-77" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356", | ||
"source": "13061848-ea10-403d-bd75-c83a022c2891" | ||
}, | ||
{ | ||
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10", | ||
"source": "13061848-ea10-403d-bd75-c83a022c2891" | ||
}, | ||
{ | ||
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12356", | ||
"source": "13061848-ea10-403d-bd75-c83a022c2891" | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
{ | ||
"id": "CVE-2024-38499", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-12-17T06:15:20.760", | ||
"lastModified": "2024-12-17T06:15:20.760", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute \"caf encrypt\"/\"sd_acmd encrypt\" commands." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV40": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "4.0", | ||
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", | ||
"baseScore": 7.3, | ||
"baseSeverity": "HIGH", | ||
"attackVector": "LOCAL", | ||
"attackComplexity": "HIGH", | ||
"attackRequirements": "PRESENT", | ||
"privilegesRequired": "LOW", | ||
"userInteraction": "ACTIVE", | ||
"vulnerableSystemConfidentiality": "HIGH", | ||
"vulnerableSystemIntegrity": "HIGH", | ||
"vulnerableSystemAvailability": "HIGH", | ||
"subsequentSystemConfidentiality": "HIGH", | ||
"subsequentSystemIntegrity": "HIGH", | ||
"subsequentSystemAvailability": "HIGH", | ||
"exploitMaturity": "NOT_DEFINED", | ||
"confidentialityRequirements": "NOT_DEFINED", | ||
"integrityRequirements": "NOT_DEFINED", | ||
"availabilityRequirements": "NOT_DEFINED", | ||
"modifiedAttackVector": "NOT_DEFINED", | ||
"modifiedAttackComplexity": "NOT_DEFINED", | ||
"modifiedAttackRequirements": "NOT_DEFINED", | ||
"modifiedPrivilegesRequired": "NOT_DEFINED", | ||
"modifiedUserInteraction": "NOT_DEFINED", | ||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", | ||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED", | ||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", | ||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", | ||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", | ||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", | ||
"safety": "NOT_DEFINED", | ||
"automatable": "NOT_DEFINED", | ||
"recovery": "NOT_DEFINED", | ||
"valueDensity": "NOT_DEFINED", | ||
"vulnerabilityResponseEffort": "NOT_DEFINED", | ||
"providerUrgency": "NOT_DEFINED" | ||
} | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-269" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25284", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
{ | ||
"id": "CVE-2024-54125", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-12-17T06:15:21.030", | ||
"lastModified": "2024-12-17T06:15:21.030", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "Improper authorization in handler for custom URL scheme issue in \"Shonen Jump+\" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV30": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.0", | ||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", | ||
"baseScore": 3.3, | ||
"baseSeverity": "LOW", | ||
"attackVector": "LOCAL", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "REQUIRED", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "NONE", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE" | ||
}, | ||
"exploitabilityScore": 1.8, | ||
"impactScore": 1.4 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-939" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://jvn.jp/en/jp/JVN08430039/", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://shonenjumpplus.com/article/info20241216", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
{ | ||
"id": "CVE-2024-55864", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-12-17T05:15:09.937", | ||
"lastModified": "2024-12-17T05:15:09.937", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV30": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
"cvssData": { | ||
"version": "3.0", | ||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", | ||
"baseScore": 4.8, | ||
"baseSeverity": "MEDIUM", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "HIGH", | ||
"userInteraction": "REQUIRED", | ||
"scope": "CHANGED", | ||
"confidentialityImpact": "LOW", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE" | ||
}, | ||
"exploitabilityScore": 1.7, | ||
"impactScore": 2.7 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-79" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://jvn.jp/en/vu/JVNVU90748215/", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://mywpcustomize.com/update-history-my-wp-customize-admin-frontend-1-24-1/", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://wordpress.org/plugins/my-wp/#developers", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
{ | ||
"id": "CVE-2024-9624", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-12-17T06:15:21.173", | ||
"lastModified": "2024-12-17T06:15:21.173", | ||
"vulnStatus": "Received", | ||
"cveTags": [], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", | ||
"baseScore": 7.6, | ||
"baseSeverity": "HIGH", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "HIGH", | ||
"userInteraction": "NONE", | ||
"scope": "CHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE" | ||
}, | ||
"exploitabilityScore": 2.3, | ||
"impactScore": 4.7 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-918" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eabde2e7-5cd4-4c3e-959a-69e04f6350d3?source=cve", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "https://www.wpallimport.com", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |