chore: generate CVEs metadata 🤖
parent
e7998a6c2d
commit
e1374ec6ff
|
@ -2549,6 +2549,7 @@
|
|||
{"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"}
|
||||
{"ID":"CVE-2024-4434","Info":{"Name":"LearnPress WordPress LMS Plugin \u003c= 4.2.6.5 - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4434.yaml"}
|
||||
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
|
||||
{"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
|
||||
{"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
|
||||
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
|
||||
{"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
2284a5aea5e6621d71c6d45c2d688d1f
|
||||
15e4c0a45fcab192e49de688c4595caa
|
||||
|
|
Loading…
Reference in New Issue