From 316f9fb4997155c1b161ea8cc7ee15b222e3302f Mon Sep 17 00:00:00 2001 From: ghost Date: Sat, 5 Oct 2024 13:21:43 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index 319b04d396..9d19047eda 100644 --- a/cves.json +++ b/cves.json @@ -2646,6 +2646,7 @@ {"ID":"CVE-2024-7332","Info":{"Name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","Severity":"critical","Description":"A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7332.yaml"} {"ID":"CVE-2024-7339","Info":{"Name":"TVT DVR Sensitive Device - Information Disclosure","Severity":"medium","Description":"A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-7339.yaml"} {"ID":"CVE-2024-7340","Info":{"Name":"W\u0026B Weave Server - Remote Arbitrary File Leak","Severity":"high","Description":"The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7340.yaml"} +{"ID":"CVE-2024-7354","Info":{"Name":"Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting","Severity":"medium","Description":"The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-7354.yaml"} {"ID":"CVE-2024-7593","Info":{"Name":"Ivanti vTM - Authentication Bypass","Severity":"critical","Description":"Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7593.yaml"} {"ID":"CVE-2024-7714","Info":{"Name":"AI Assistant with ChatGPT by AYS \u003c= 2.0.9 - Unauthenticated AJAX Calls","Severity":"medium","Description":"The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-7714.yaml"} {"ID":"CVE-2024-7786","Info":{"Name":"Sensei LMS \u003c 4.24.2 - Email Template Leak","Severity":"high","Description":"The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-7786.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 499d95d45f..0c70731616 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -2635ac259e852d71ed94dd93666a0e18 +34d767d0d4ce4e7d79ac3e12ad34b41b