-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
7e3119a
commit 8efdd34
Showing
25 changed files
with
950 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "tenable", | ||
"cveId": "CVE-2024-12015", | ||
"description": "The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://www.tenable.com/security/research/tra-2024-47" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "wedevs-project-manager", | ||
"packageType": "wordpress-plugin", | ||
"product": "WP Project Manager", | ||
"repo": "https://plugins.svn.wordpress.org/wedevs-project-manager", | ||
"vendor": "WeDevs", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "2.6.15", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "custom" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
}, | ||
"references": [ | ||
{ | ||
"url": "https://patchstack.com/database/wordpress/plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-15-sql-injection-vulnerability" | ||
} | ||
] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "icscert", | ||
"cveId": "CVE-2024-50380", | ||
"description": "Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01" | ||
], | ||
"solutions": [ | ||
"Snap One has released the following updates/fixes for the affected products:\n\n * OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\n * OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\n * Disable UPnP.\n\n\nFor more information, see Snap One’s Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf ." | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"cpes": [ | ||
"cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*" | ||
], | ||
"product": "OVRC cloud", | ||
"vendor": "Snap One", | ||
"versions": [ | ||
{ | ||
"lessThan": "7.3", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "custom" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "icscert", | ||
"cveId": "CVE-2024-50381", | ||
"description": "A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01" | ||
], | ||
"solutions": [ | ||
"Snap One has released the following updates/fixes for the affected products:\n\n * OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\n * OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\n * Disable UPnP.\n\n\nFor more information, see Snap One’s Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf ." | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"cpes": [ | ||
"cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*" | ||
], | ||
"product": "OVRC cloud", | ||
"vendor": "Snap One", | ||
"versions": [ | ||
{ | ||
"lessThan": "7.3", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "custom" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "patchstack", | ||
"cveId": "CVE-2024-52492", | ||
"description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://patchstack.com/database/wordpress/plugin/image-horizontal-reel-scroll-slideshow/vulnerability/wordpress-image-horizontal-reel-scroll-slideshow-plugin-13-4-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:gopiplus:image_horizontal_reel_scroll_slideshow:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "image-horizontal-reel-scroll-slideshow", | ||
"packageType": "wordpress-plugin", | ||
"product": "Image horizontal reel scroll slideshow", | ||
"repo": "https://plugins.svn.wordpress.org/image-horizontal-reel-scroll-slideshow", | ||
"vendor": "Gopi Ramasamy", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "13.4", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "custom" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
}, | ||
"references": [ | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff21c04-b615-417a-a640-e17c3211f449?source=cve" | ||
} | ||
] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "patchstack", | ||
"cveId": "CVE-2024-52493", | ||
"description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://patchstack.com/database/wordpress/plugin/meteor-slides/vulnerability/wordpress-meteor-slides-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:meteor_slides_project:meteor_slides:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "meteor-slides", | ||
"packageType": "wordpress-plugin", | ||
"product": "Meteor Slides", | ||
"repo": "https://plugins.svn.wordpress.org/meteor-slides", | ||
"vendor": "Josh Leuze", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "1.5.7", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "custom" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
}, | ||
"references": [ | ||
{ | ||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7922de94-986c-47c1-ab95-284734ef85d1?source=cve" | ||
} | ||
] | ||
} | ||
} |
Oops, something went wrong.