forked from CVEProject/cvelistV5
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 5 new CVEs: CVE-2024-10970, CVE-2025-0170, CVE-2025-0455, CVE-2025-0456, CVE-2025-0457 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Jan 16, 2025
1 parent
11b0b71
commit 35b2733
Showing
5 changed files
with
616 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-10970", | ||
| "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Wordfence", | ||
| "dateReserved": "2024-11-07T13:46:36.925Z", | ||
| "datePublished": "2025-01-16T01:49:04.000Z", | ||
| "dateUpdated": "2025-01-16T01:49:04.000Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", | ||
| "shortName": "Wordfence", | ||
| "dateUpdated": "2025-01-16T01:49:04.000Z" | ||
| }, | ||
| "affected": [ | ||
| { | ||
| "vendor": "stylemix", | ||
| "product": "Motors – Car Dealer, Classifieds & Listing", | ||
| "versions": [ | ||
| { | ||
| "version": "*", | ||
| "status": "affected", | ||
| "lessThanOrEqual": "1.4.43", | ||
| "versionType": "semver" | ||
| } | ||
| ], | ||
| "defaultStatus": "unaffected" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes." | ||
| } | ||
| ], | ||
| "title": "Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title", | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc58c679-3e87-4bcc-b1bc-718ae52c291a?source=cve" | ||
| }, | ||
| { | ||
| "url": "https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.42/includes/functions.php#L939" | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", | ||
| "cweId": "CWE-94", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", | ||
| "baseScore": 5.4, | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "value": "Gregory Stewart" | ||
| }, | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "value": "Chance" | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2024-09-24T00:00:00.000+00:00", | ||
| "lang": "en", | ||
| "value": "Discovered" | ||
| }, | ||
| { | ||
| "time": "2025-01-15T11:56:38.000+00:00", | ||
| "lang": "en", | ||
| "value": "Disclosed" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2025-0170", | ||
| "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Wordfence", | ||
| "dateReserved": "2025-01-02T07:18:27.588Z", | ||
| "datePublished": "2025-01-16T01:49:03.466Z", | ||
| "dateUpdated": "2025-01-16T01:49:03.466Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", | ||
| "shortName": "Wordfence", | ||
| "dateUpdated": "2025-01-16T01:49:03.466Z" | ||
| }, | ||
| "affected": [ | ||
| { | ||
| "vendor": "scriptsbundle", | ||
| "product": "DWT - Directory & Listing WordPress Theme", | ||
| "versions": [ | ||
| { | ||
| "version": "*", | ||
| "status": "affected", | ||
| "lessThanOrEqual": "3.3.3", | ||
| "versionType": "semver" | ||
| } | ||
| ], | ||
| "defaultStatus": "unaffected" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." | ||
| } | ||
| ], | ||
| "title": "DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting", | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d607e7c0-7812-4c77-a763-6095677b3525?source=cve" | ||
| }, | ||
| { | ||
| "url": "https://scriptsbundle.gitbook.io/dwt-directory-and-listing-wordpress-theme" | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", | ||
| "cweId": "CWE-79", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", | ||
| "baseScore": 6.1, | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "value": "István Márton" | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2025-01-02T00:00:00.000+00:00", | ||
| "lang": "en", | ||
| "value": "Discovered" | ||
| }, | ||
| { | ||
| "time": "2025-01-02T00:00:00.000+00:00", | ||
| "lang": "en", | ||
| "value": "Vendor Notified" | ||
| }, | ||
| { | ||
| "time": "2025-01-15T00:00:00.000+00:00", | ||
| "lang": "en", | ||
| "value": "Disclosed" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2025-0455", | ||
| "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "twcert", | ||
| "dateReserved": "2025-01-14T07:51:47.556Z", | ||
| "datePublished": "2025-01-16T01:29:25.439Z", | ||
| "dateUpdated": "2025-01-16T01:38:02.941Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "defaultStatus": "unaffected", | ||
| "product": "airPASS", | ||
| "vendor": "NetVision Information", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.9.0.241231", | ||
| "status": "affected", | ||
| "version": "2.9.0", | ||
| "versionType": "custom" | ||
| }, | ||
| { | ||
| "lessThan": "3.0.0.241231", | ||
| "status": "affected", | ||
| "version": "3.0.0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "datePublic": "2025-01-16T01:25:00.000Z", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "<span style=\"background-color: rgb(255, 255, 255);\">The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.</span>" | ||
| } | ||
| ], | ||
| "value": "The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents." | ||
| } | ||
| ], | ||
| "impacts": [ | ||
| { | ||
| "capecId": "CAPEC-66", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CAPEC-66 SQL Injection" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 9.8, | ||
| "baseSeverity": "CRITICAL", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "privilegesRequired": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-89", | ||
| "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", | ||
| "shortName": "twcert", | ||
| "dateUpdated": "2025-01-16T01:38:02.941Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ], | ||
| "url": "https://www.twcert.org.tw/tw/cp-132-8357-28308-1.html" | ||
| }, | ||
| { | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ], | ||
| "url": "https://www.twcert.org.tw/en/cp-139-8358-143bc-2.html" | ||
| } | ||
| ], | ||
| "solutions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "<span style=\"background-color: rgb(255, 255, 255);\">For v2.9.0.x, please update to version 2.9.0.241231 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">For v3.0.0.x, please update to version 3.0.0.241231 or later.</span>\n\n<br>" | ||
| } | ||
| ], | ||
| "value": "For v2.9.0.x, please update to version 2.9.0.241231 or later.\nFor v3.0.0.x, please update to version 3.0.0.241231 or later." | ||
| } | ||
| ], | ||
| "source": { | ||
| "advisory": "TVN-202501001", | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "NetVision Information airPASS - SQL injection", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.