From 00f43dc9d82c7e702170a725978788f39e1ce47e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 2 Apr 2024 15:24:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/6xxx/CVE-2023-6047.json | 6 +- 2023/6xxx/CVE-2023-6437.json | 8 +- 2024/29xxx/CVE-2024-29200.json | 76 ++++++++++++++++- 2024/29xxx/CVE-2024-29667.json | 56 ++++++++++-- 2024/29xxx/CVE-2024-29882.json | 85 ++++++++++++++++++- 2024/29xxx/CVE-2024-29896.json | 81 +++++++++++++++++- 2024/29xxx/CVE-2024-29897.json | 91 +++++++++++++++++++- 2024/29xxx/CVE-2024-29898.json | 86 ++++++++++++++++++- 2024/2xxx/CVE-2024-2818.json | 95 ++++++++++++++++++++- 2024/30xxx/CVE-2024-30421.json | 113 ++++++++++++++++++++++++- 2024/30xxx/CVE-2024-30422.json | 113 ++++++++++++++++++++++++- 2024/30xxx/CVE-2024-30431.json | 113 ++++++++++++++++++++++++- 2024/30xxx/CVE-2024-30432.json | 113 ++++++++++++++++++++++++- 2024/30xxx/CVE-2024-30590.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30591.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30592.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30593.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30594.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30595.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30596.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30613.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30624.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30626.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30627.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30629.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30630.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30631.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30632.json | 56 ++++++++++-- 2024/30xxx/CVE-2024-30633.json | 56 ++++++++++-- 2024/31xxx/CVE-2024-31091.json | 85 +------------------ 2024/31xxx/CVE-2024-31092.json | 85 +------------------ 2024/31xxx/CVE-2024-31094.json | 69 ++------------- 2024/31xxx/CVE-2024-31095.json | 69 ++------------- 2024/31xxx/CVE-2024-31096.json | 85 +------------------ 2024/31xxx/CVE-2024-31097.json | 85 +------------------ 2024/31xxx/CVE-2024-31099.json | 85 +------------------ 
2024/31xxx/CVE-2024-31100.json | 85 +------------------ 2024/31xxx/CVE-2024-31101.json | 85 +------------------ 2024/31xxx/CVE-2024-31102.json | 85 +------------------ 2024/31xxx/CVE-2024-31103.json | 85 +------------------ 2024/31xxx/CVE-2024-31104.json | 85 +------------------ 2024/31xxx/CVE-2024-31106.json | 85 +------------------ 2024/31xxx/CVE-2024-31107.json | 85 +------------------ 2024/31xxx/CVE-2024-31108.json | 85 +------------------ 2024/31xxx/CVE-2024-31110.json | 85 +------------------ 2024/31xxx/CVE-2024-31112.json | 85 +------------------ 2024/31xxx/CVE-2024-31114.json | 85 +------------------ 2024/31xxx/CVE-2024-31115.json | 85 +------------------ 2024/31xxx/CVE-2024-31116.json | 85 +------------------ 2024/31xxx/CVE-2024-31117.json | 85 +------------------ 2024/31xxx/CVE-2024-31120.json | 85 +------------------ 2024/31xxx/CVE-2024-31121.json | 85 +------------------ 2024/31xxx/CVE-2024-31122.json | 85 +------------------ 2024/31xxx/CVE-2024-31123.json | 85 +------------------ 2024/3xxx/CVE-2024-3039.json | 100 +--------------------- 2024/3xxx/CVE-2024-3040.json | 100 +--------------------- 2024/3xxx/CVE-2024-3041.json | 100 +--------------------- 2024/3xxx/CVE-2024-3042.json | 100 +--------------------- 2024/3xxx/CVE-2024-3078.json | 141 ++++++++++++++++++++++++++++++- 2024/3xxx/CVE-2024-3094.json | 150 --------------------------------- 60 files changed, 2038 insertions(+), 2678 deletions(-) diff --git a/2023/6xxx/CVE-2023-6047.json b/2023/6xxx/CVE-2023-6047.json index 752ccc76480..a8eb2e494fd 100644 --- a/2023/6xxx/CVE-2023-6047.json +++ b/2023/6xxx/CVE-2023-6047.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2.\n\n" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: through 20240329.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n" } ] }, @@ -40,9 +40,9 @@ "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<=", "version_name": "0", - "version_value": "3.9.2" + "version_value": "20240329" } ] } diff --git a/2023/6xxx/CVE-2023-6437.json b/2023/6xxx/CVE-2023-6437.json index 57dc8edfecb..55fe963e16b 100644 --- a/2023/6xxx/CVE-2023-6437.json +++ b/2023/6xxx/CVE-2023-6437.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also\u00a0\u00a0the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported.\n\n" + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection.This issue affects TP-Link: through 2024.03.28.\n\n" } ] }, 
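Review bot: In the `version_data` hunk of CVE-2023-6047.json the upper bound becomes `"version_value": "20240329"` with `"version_affected": "<="`, which is a date rather than a product release number. A version matcher cannot order an installed release such as 3.9.x against it, and the earlier fixed-version boundary is removed. Since the new description says the vendor did not respond, presumably no fixed release is known; a sentence in the description such as `No fixed version is known as of 2024-03-29.` would make that explicit. The record continues outside both hunks.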
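Review bot: The rewritten description in CVE-2023-6437.json, together with the `vendor_data` hunk at -32,17, drops the list of affected models (EX20v AX1800, Archer C5v AC1200, TD-W9970, TD-W9970v3, VX220-G2u, VN020-G2u). Only `"product_name": "TP-Link"` under vendor `Turk Telekom` remains, so asset inventories keyed on model names no longer match the record. The word `authenticated` is also gone from the description, which changes how a reader judges the precondition; whether that is intended is not visible here. If those models are still in scope, keep them in the description text, for example `This issue affects TP-Link EX20v AX1800, Archer C5v AC1200, TD-W9970, TD-W9970v3: through 2024.03.28.`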
@@ -32,17 +32,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "TP-Link", + "vendor_name": "Turk Telekom", "product": { "product_data": [ { - "product_name": "TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u ", + "product_name": "TP-Link", "version": { "version_data": [ { "version_affected": "<=", "version_name": "0", - "version_value": "20240328" + "version_value": "2024.03.28" } ] } diff --git a/2024/29xxx/CVE-2024-29200.json b/2024/29xxx/CVE-2024-29200.json index 2df851bab88..1f70cdeb073 100644 --- a/2024/29xxx/CVE-2024-29200.json +++ b/2024/29xxx/CVE-2024-29200.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1220: Insufficient Granularity of Access Control", + "cweId": "CWE-1220" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kimai", + "product": { + "product_data": [ + { + "product_name": "kimai", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kimai/kimai/security/advisories/GHSA-cj3c-5xpm-cx94", + "refsource": "MISC", + "name": "https://github.com/kimai/kimai/security/advisories/GHSA-cj3c-5xpm-cx94" + } + ] + }, + "source": { + "advisory": "GHSA-cj3c-5xpm-cx94", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29667.json b/2024/29xxx/CVE-2024-29667.json index 44ad4e2c796..3cb44d75a48 100644 --- a/2024/29xxx/CVE-2024-29667.json +++ b/2024/29xxx/CVE-2024-29667.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29667", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29667", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection", + "refsource": "MISC", + "name": "https://github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection" } ] } diff --git a/2024/29xxx/CVE-2024-29882.json b/2024/29xxx/CVE-2024-29882.json index b573842aaf2..4cb97d0f3b2 100644 --- a/2024/29xxx/CVE-2024-29882.json +++ b/2024/29xxx/CVE-2024-29882.json 
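Review bot: The structured fields added to CVE-2024-29667.json are all `"n/a"` (`vendor_name`, `product_name`, `version_value`, and the `problemtype` value), although the description names the vendor, the product, the version range and the weakness class. Tools that triage on the `affects` and `problemtype` fields will see an untyped record with no product. I would populate them from the description, e.g. `"vendor_name": "Tongtianxing Technology Co., Ltd"`, `"product_name": "CMSV6"`, and a problemtype value of `CWE-89` for the stated SQL injection; the exact version bounds should be confirmed against the referenced report.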
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29882", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-?callback=` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ossrs", + "product": { + "product_data": [ + { + "product_name": "srs", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 5.0.210" + }, + { + "version_affected": "=", + "version_value": ">= 6.0.0, < 6.0.121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7", + "refsource": "MISC", + "name": "https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7" + }, + { + "url": "https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d", + "refsource": "MISC", + "name": "https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d" + } + ] + }, + "source": { + "advisory": "GHSA-gv9r-qcjc-5hj7", + 
"discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29896.json b/2024/29xxx/CVE-2024-29896.json index efb5f63b434..e553e5547a6 100644 --- a/2024/29xxx/CVE-2024-29896.json +++ b/2024/29xxx/CVE-2024-29896.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29896", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be \"allow-listing\" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "KindSpells", + "product": { + "product_data": [ + { + "product_name": "astro-shield", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "= 1.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m", + "refsource": "MISC", + "name": "https://github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m" + }, + { + "url": "https://github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d", + "refsource": "MISC", + "name": "https://github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d" + } + ] + }, + "source": { + "advisory": "GHSA-w387-5qqw-7g8m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29897.json b/2024/29xxx/CVE-2024-29897.json index e3b1294eff6..05b3a746d6b 100644 --- a/2024/29xxx/CVE-2024-29897.json +++ b/2024/29xxx/CVE-2024-29897.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "miraheze", + "product": { + "product_data": [ + { + "product_name": "CreateWiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 23415c17ffb4832667c06abcf1eadadefd4c8937" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq", + "refsource": "MISC", + "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq" + }, + { + "url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8", + "refsource": "MISC", + "name": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8" + }, + { + "url": "https://issue-tracker.miraheze.org/F3093343", + "refsource": "MISC", + "name": "https://issue-tracker.miraheze.org/F3093343" + }, + { + "url": "https://issue-tracker.miraheze.org/T11999", + "refsource": "MISC", + "name": "https://issue-tracker.miraheze.org/T11999" + } + ] + }, + "source": { + "advisory": "GHSA-4rcf-3cj2-46mq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29898.json b/2024/29xxx/CVE-2024-29898.json index 3c7ccbb2fd6..e45e9765723 100644 --- a/2024/29xxx/CVE-2024-29898.json +++ b/2024/29xxx/CVE-2024-29898.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29898", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "miraheze", + "product": { + "product_data": [ + { + "product_name": "CreateWiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "23415c17ffb4832667c06abcf1eadadefd4c8937" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v", + "refsource": "MISC", + "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v" + }, + { + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq", + "refsource": "MISC", + "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq" + }, + { + "url": 
"https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c", + "refsource": "MISC", + "name": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c" + } + ] + }, + "source": { + "advisory": "GHSA-5rcv-cf88-gv8v", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2818.json b/2024/2xxx/CVE-2024-2818.json index 5dfc1fe96b5..2b9b1eb6b22 100644 --- a/2024/2xxx/CVE-2024-2818.json +++ b/2024/2xxx/CVE-2024-2818.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "16.8.5" + }, + { + "version_affected": "<", + "version_name": "16.9", + "version_value": "16.9.3" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/434803", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/434803" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.8.5, 16.9.3, 16.10.1 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks Quintin Crist of Trend Micro for reporting this vulnerability." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/30xxx/CVE-2024-30421.json b/2024/30xxx/CVE-2024-30421.json index 9fb0cf47708..979bd969236 100644 --- a/2024/30xxx/CVE-2024-30421.json +++ b/2024/30xxx/CVE-2024-30421.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30421", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pixelite", + "product": { + "product_data": [ + { + "product_name": "Events Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.4.7.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.4.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + 
"solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.4.7.2 or a higher version." + } + ], + "value": "Update to 6.4.7.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30422.json b/2024/30xxx/CVE-2024-30422.json index 24bfa5f1243..9b2d7bef2c2 100644 --- a/2024/30xxx/CVE-2024-30422.json +++ b/2024/30xxx/CVE-2024-30422.json 
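Review bot: In CVE-2024-30421.json the legacy `version_data` entry carries only `"version_value": "not down converted"`, while the real bound (`"lessThanOrEqual": "6.4.7.1"`, unaffected at 6.4.7.2) sits in `x_cve_json_5_version_data`. A consumer that reads the 4.0 fields alone gets no usable version range for this record. The CVE-2024-30422 and CVE-2024-30431 hunks have the same shape. The range start is also `"version": "n/a"`, matching "from n/a through" in the description. A legacy-readable entry such as `"version_affected": "<=", "version_value": "6.4.7.1"` next to the extension block would keep older tooling working.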
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPVibes", + "product": { + "product_data": [ + { + "product_name": "Elementor Addon Elements", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.13.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.13.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.13.2 or a higher version." + } + ], + "value": "Update to 1.13.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30431.json b/2024/30xxx/CVE-2024-30431.json index e0be449dd6d..07145c4e554 100644 --- a/2024/30xxx/CVE-2024-30431.json +++ b/2024/30xxx/CVE-2024-30431.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hometory", + "product": { + "product_data": [ + { + "product_name": "Mang Board WP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.8.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.8.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.8.1 or a higher version." + } + ], + "value": "Update to 1.8.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dimas Maulana (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30432.json b/2024/30xxx/CVE-2024-30432.json index 8aab7312ae7..e27b4bc7fab 100644 --- a/2024/30xxx/CVE-2024-30432.json +++ b/2024/30xxx/CVE-2024-30432.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider - Slider for your block editor allows Stored XSS.This issue affects B Slider - Slider for your block editor: from n/a through 1.1.12.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bPlugins", + "product": { + "product_data": [ + { + "product_name": "B Slider - Slider for your block editor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.13", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.12", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/b-slider/wordpress-b-slider-plugin-1-1-12-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/b-slider/wordpress-b-slider-plugin-1-1-12-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.13 or a higher version." + } + ], + "value": "Update to 1.1.13 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jean Tirstan T (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30590.json b/2024/30xxx/CVE-2024-30590.json index a40a01fc2d1..34f1a674ad7 100644 --- a/2024/30xxx/CVE-2024-30590.json +++ b/2024/30xxx/CVE-2024-30590.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30590", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30590", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_end.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_end.md" } ] } diff --git a/2024/30xxx/CVE-2024-30591.json b/2024/30xxx/CVE-2024-30591.json index a16fa1cc7df..199cc74c6e4 100644 --- a/2024/30xxx/CVE-2024-30591.json +++ b/2024/30xxx/CVE-2024-30591.json 
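Review bot: The structured fields stay at `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) although the description names the vendor, model and firmware, so scanners and asset matching that key on those fields will not associate this record with a Tenda FH1202. I would fill them from the description, e.g. `"vendor_name": "Tenda"`, `"product_name": "FH1202"`, `"version_value": "1.2.0.14(408)"`, and replace the problem type with the CWE for a stack-based buffer overflow (CWE-121, if the referenced write-up confirms the overflow is on the stack). The same applies to every Tenda hunk that follows in this patch, CVE-2024-30591 through CVE-2024-30633. No `impact` block is added either, so the record carries no severity for triage.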
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30591", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30591", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_time.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_time.md" } ] } diff --git a/2024/30xxx/CVE-2024-30592.json b/2024/30xxx/CVE-2024-30592.json index e88b48fbc02..0148ca893ba 100644 --- a/2024/30xxx/CVE-2024-30592.json +++ b/2024/30xxx/CVE-2024-30592.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30592", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30592", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_page.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_page.md" } ] } diff --git a/2024/30xxx/CVE-2024-30593.json b/2024/30xxx/CVE-2024-30593.json index d096683ff81..ee8b80f0186 100644 --- a/2024/30xxx/CVE-2024-30593.json +++ b/2024/30xxx/CVE-2024-30593.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30593", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30593", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_devName.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_devName.md" } ] } diff --git a/2024/30xxx/CVE-2024-30594.json b/2024/30xxx/CVE-2024-30594.json index c16b45d9665..38a399ab0df 100644 --- a/2024/30xxx/CVE-2024-30594.json +++ b/2024/30xxx/CVE-2024-30594.json 
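Review bot: The description names the parameter `deviceName`, while the referenced write-up is titled `formSetDeviceName_devName.md`, which suggests the request parameter may actually be `devName`. If so, a filter rule or log search built from this record would key on the wrong field name. The name should be checked against the reference and, if it differs, the value changed to `Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the devName parameter of the formSetDeviceName function.`, which also drops the stray `located` that the sibling records do not have.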
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30594", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30594", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceMac.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceMac.md" } ] } diff --git a/2024/30xxx/CVE-2024-30595.json b/2024/30xxx/CVE-2024-30595.json index 2400e4b2b41..ef0f133b4ab 100644 --- a/2024/30xxx/CVE-2024-30595.json +++ b/2024/30xxx/CVE-2024-30595.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30595", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30595", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceId.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceId.md" } ] } diff --git a/2024/30xxx/CVE-2024-30596.json b/2024/30xxx/CVE-2024-30596.json index 3a67846df72..7d47b17f7ce 100644 --- a/2024/30xxx/CVE-2024-30596.json +++ b/2024/30xxx/CVE-2024-30596.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30596", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30596", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_deviceId.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_deviceId.md" } ] } diff --git a/2024/30xxx/CVE-2024-30613.json b/2024/30xxx/CVE-2024-30613.json index 54f4849b084..267002ee919 100644 --- a/2024/30xxx/CVE-2024-30613.json +++ b/2024/30xxx/CVE-2024-30613.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30613", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30613", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md" } ] } diff --git a/2024/30xxx/CVE-2024-30624.json b/2024/30xxx/CVE-2024-30624.json index acf61251b8c..8166922e38a 100644 --- a/2024/30xxx/CVE-2024-30624.json +++ b/2024/30xxx/CVE-2024-30624.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30624", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30624", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md" } ] } diff --git a/2024/30xxx/CVE-2024-30626.json b/2024/30xxx/CVE-2024-30626.json index 6b55e73dfdc..3ffcf6e55a0 100644 --- a/2024/30xxx/CVE-2024-30626.json +++ b/2024/30xxx/CVE-2024-30626.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30626", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30626", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md" } ] } diff --git a/2024/30xxx/CVE-2024-30627.json b/2024/30xxx/CVE-2024-30627.json index 45ead72bc1b..020d274b9db 100644 --- a/2024/30xxx/CVE-2024-30627.json +++ b/2024/30xxx/CVE-2024-30627.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30627", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30627", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_deviceId.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_deviceId.md" } ] } diff --git a/2024/30xxx/CVE-2024-30629.json b/2024/30xxx/CVE-2024-30629.json index c92c18be583..cb68420caa4 100644 --- a/2024/30xxx/CVE-2024-30629.json +++ b/2024/30xxx/CVE-2024-30629.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30629", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30629", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md" } ] } diff --git a/2024/30xxx/CVE-2024-30630.json b/2024/30xxx/CVE-2024-30630.json index cab61d0674d..4e523049d6a 100644 --- a/2024/30xxx/CVE-2024-30630.json +++ b/2024/30xxx/CVE-2024-30630.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30630", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30630", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_time.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_time.md" } ] } diff --git a/2024/30xxx/CVE-2024-30631.json b/2024/30xxx/CVE-2024-30631.json index 3f0e780653b..6d39e3ddccc 100644 --- a/2024/30xxx/CVE-2024-30631.json +++ b/2024/30xxx/CVE-2024-30631.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30631", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md" } ] } diff --git a/2024/30xxx/CVE-2024-30632.json b/2024/30xxx/CVE-2024-30632.json index 82a3495c2d9..8bca1e2e9aa 100644 --- a/2024/30xxx/CVE-2024-30632.json +++ b/2024/30xxx/CVE-2024-30632.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30632", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30632", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security_5g.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security_5g.md" } ] } diff --git a/2024/30xxx/CVE-2024-30633.json b/2024/30xxx/CVE-2024-30633.json index 2dc049f8d22..3219935b0ec 100644 --- a/2024/30xxx/CVE-2024-30633.json +++ b/2024/30xxx/CVE-2024-30633.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30633", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30633", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security.md" } ] } diff --git a/2024/31xxx/CVE-2024-31091.json b/2024/31xxx/CVE-2024-31091.json index 3d99d05c8d5..9f64b7aa19f 100644 --- a/2024/31xxx/CVE-2024-31091.json +++ b/2024/31xxx/CVE-2024-31091.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31091", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS.This issue affects Custom Field Bulk Editor: from n/a through 1.9.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SparkWeb Interactive, Inc.", - "product": { - "product_data": [ - { - "product_name": "Custom Field Bulk Editor", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.9.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/custom-field-bulk-editor/wordpress-custom-field-bulk-editor-plugin-1-9-1-cross-site-scripting-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/custom-field-bulk-editor/wordpress-custom-field-bulk-editor-plugin-1-9-1-cross-site-scripting-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": 
"LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31092.json b/2024/31xxx/CVE-2024-31092.json index a4c7282b1f5..6f1aeb70704 100644 --- a/2024/31xxx/CVE-2024-31092.json +++ b/2024/31xxx/CVE-2024-31092.json 
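Review bot: The published record for CVE-2024-31091 regresses to a placeholder here: `"STATE": "PUBLIC"` becomes `"STATE": "RESERVED"` and `"ASSIGNER": "audit@patchstack.com"` becomes `"ASSIGNER": "cve@mitre.org"`. The same change removes the CWE-79 classification, the affected range (`<=` 1.9.1), the CVSS 3.1 vector and the advisory reference. Unless the CNA actually withdrew the entry, which nothing on this page indicates, anyone mirroring this repository loses the data needed to triage an already disclosed issue. I would keep the removed side of this file (`"STATE": "PUBLIC"`, `"ASSIGNER": "audit@patchstack.com"`) and have the sync job refuse any PUBLIC to RESERVED transition without an explicit rejection or withdrawal marker. The hunks that follow, for CVE-2024-31092 through CVE-2024-31106, show the same regression.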
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31092", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS.This issue affects Comic Easel: from n/a through 1.15.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Philip M. Hofer (Frumph)", - "product": { - "product_data": [ - { - "product_name": "Comic Easel", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.15" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/comic-easel/wordpress-comic-easel-plugin-1-15-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/comic-easel/wordpress-comic-easel-plugin-1-15-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - 
"userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31094.json b/2024/31xxx/CVE-2024-31094.json index 6fbd7ff89d1..58538d90ed9 100644 --- a/2024/31xxx/CVE-2024-31094.json +++ b/2024/31xxx/CVE-2024-31094.json 
@@ -1,77 +1,18 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31094", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.\n\n" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-502 Deserialization of Untrusted Data", - "cweId": "CWE-502" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Filter Custom Fields & Taxonomies Light", - "product": { - "product_data": [ - { - "product_name": "Filter Custom Fields & Taxonomies Light", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.05" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/filter-custom-fields-taxonomies-light/wordpress-filter-custom-fields-taxonomies-light-plugin-1-05-php-object-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/filter-custom-fields-taxonomies-light/wordpress-filter-custom-fields-taxonomies-light-plugin-1-05-php-object-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Mika (Patchstack Alliance)" - } - ] + } } \ No 
newline at end of file diff --git a/2024/31xxx/CVE-2024-31095.json b/2024/31xxx/CVE-2024-31095.json index 28ac3964652..c55be430604 100644 --- a/2024/31xxx/CVE-2024-31095.json +++ b/2024/31xxx/CVE-2024-31095.json 
@@ -1,77 +1,18 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31095", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0.\n\n" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-639 Authorization Bypass Through User-Controlled Key", - "cweId": "CWE-639" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Ricard Torres", - "product": { - "product_data": [ - { - "product_name": "Thumbs Rating", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "5.1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/thumbs-rating/wordpress-thumbs-rating-plugin-5-1-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/thumbs-rating/wordpress-thumbs-rating-plugin-5-1-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Kyle Sanchez (Patchstack Alliance)" - } - ] + } } \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31096.json b/2024/31xxx/CVE-2024-31096.json index 2d01f560a5b..efdeff4c73e 100644 --- a/2024/31xxx/CVE-2024-31096.json +++ b/2024/31xxx/CVE-2024-31096.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31096", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "kopatheme", - "product": { - "product_data": [ - { - "product_name": "Nictitate", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/nictitate/wordpress-nictitate-theme-1-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/nictitate/wordpress-nictitate-theme-1-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dhabaleshwar Das (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** 
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31097.json b/2024/31xxx/CVE-2024-31097.json index d0bb5a68613..598bf46f405 100644 --- a/2024/31xxx/CVE-2024-31097.json +++ b/2024/31xxx/CVE-2024-31097.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31097", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS.This issue affects SEO Title Tag: from n/a through 3.5.9.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Stephan Spencer", - "product": { - "product_data": [ - { - "product_name": "SEO Title Tag", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.5.9" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/seo-title-tag/wordpress-seo-title-tag-plugin-3-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/seo-title-tag/wordpress-seo-title-tag-plugin-3-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - 
"scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31099.json b/2024/31xxx/CVE-2024-31099.json index 20a4797dbe9..738ebf25cce 100644 --- a/2024/31xxx/CVE-2024-31099.json +++ b/2024/31xxx/CVE-2024-31099.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31099", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.5.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Averta", - "product": { - "product_data": [ - { - "product_name": "Shortcodes and extra features for Phlox theme", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.15.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-15-5-broken-access-control-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-15-5-broken-access-control-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Rafie Muhammad (Patchstack)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31100.json b/2024/31xxx/CVE-2024-31100.json index 9f335a499d3..a57ecb01ffa 100644 --- a/2024/31xxx/CVE-2024-31100.json +++ b/2024/31xxx/CVE-2024-31100.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31100", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Cart Lite for WooCommerce.This issue affects Popup Cart Lite for WooCommerce: from n/a through 1.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Festi-Team", - "product": { - "product_data": [ - { - "product_name": "Popup Cart Lite for WooCommerce", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/woocommerce-woocart-popup-lite/wordpress-popup-cart-lite-for-woocommerce-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/woocommerce-woocart-popup-lite/wordpress-popup-cart-lite-for-woocommerce-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Skalucy (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - 
"userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31101.json b/2024/31xxx/CVE-2024-31101.json index 040f04009e3..8035356d205 100644 --- a/2024/31xxx/CVE-2024-31101.json +++ b/2024/31xxx/CVE-2024-31101.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31101", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS.This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through 2.4.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "August Infotech", - "product": { - "product_data": [ - { - "product_name": "AI Twitter Feeds (Twitter widget & shortcode)", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/ai-twitter-feeds/wordpress-ai-twitter-feeds-twitter-widget-shortcode-plugin-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/ai-twitter-feeds/wordpress-ai-twitter-feeds-twitter-widget-shortcode-plugin-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - 
"availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31102.json b/2024/31xxx/CVE-2024-31102.json index cf96ffc7aa2..2706bf0b616 100644 --- a/2024/31xxx/CVE-2024-31102.json +++ b/2024/31xxx/CVE-2024-31102.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31102", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scimone Ignazio Prenotazioni allows Stored XSS.This issue affects Prenotazioni: from n/a through 1.7.4.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Scimone Ignazio", - "product": { - "product_data": [ - { - "product_name": "Prenotazioni", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.7.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/prenotazioni/wordpress-prenotazioni-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/prenotazioni/wordpress-prenotazioni-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Faizal Abroni (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - 
"userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31103.json b/2024/31xxx/CVE-2024-31103.json index 88ca7bb21b6..04fb9c0f4a1 100644 --- a/2024/31xxx/CVE-2024-31103.json +++ b/2024/31xxx/CVE-2024-31103.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31103", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Kanban for WordPress", - "product": { - "product_data": [ - { - "product_name": "Kanban Boards for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.5.21" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Yudistira Arya (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": 
"LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31104.json b/2024/31xxx/CVE-2024-31104.json index 5b8b277ebbb..6b856e22d68 100644 --- a/2024/31xxx/CVE-2024-31104.json +++ b/2024/31xxx/CVE-2024-31104.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31104", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GetResponse GetResponse for WordPress allows Stored XSS.This issue affects GetResponse for WordPress: from n/a through 5.5.33.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "GetResponse", - "product": { - "product_data": [ - { - "product_name": "GetResponse for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "5.5.33" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/getresponse-integration/wordpress-getresponse-for-wordpress-plugin-5-5-33-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/getresponse-integration/wordpress-getresponse-for-wordpress-plugin-5-5-33-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - 
"confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31106.json b/2024/31xxx/CVE-2024-31106.json index 34a5dc6b80c..55d94d9b932 100644 --- a/2024/31xxx/CVE-2024-31106.json +++ b/2024/31xxx/CVE-2024-31106.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31106", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yooslider Yoo Slider allows Reflected XSS.This issue affects Yoo Slider: from n/a through 2.1.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Yooslider", - "product": { - "product_data": [ - { - "product_name": "Yoo Slider", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.1.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-image-slider-video-slider-plugin-2-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-image-slider-video-slider-plugin-2-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - 
"privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31107.json b/2024/31xxx/CVE-2024-31107.json index bdf10f5c1b1..0cbce59eb54 100644 --- a/2024/31xxx/CVE-2024-31107.json +++ b/2024/31xxx/CVE-2024-31107.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31107", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DiSo Development Team OpenID allows Reflected XSS.This issue affects OpenID: from n/a through 3.6.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "DiSo Development Team", - "product": { - "product_data": [ - { - "product_name": "OpenID", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.6.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/openid/wordpress-openid-plugin-3-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/openid/wordpress-openid-plugin-3-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": 
"REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31108.json b/2024/31xxx/CVE-2024-31108.json index cedc6590cd4..720e61ad5f0 100644 --- a/2024/31xxx/CVE-2024-31108.json +++ b/2024/31xxx/CVE-2024-31108.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31108", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iFlyChat Team iFlyChat \u2013 WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat \u2013 WordPress Chat: from n/a through 4.7.2.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "iFlyChat Team", - "product": { - "product_data": [ - { - "product_name": "iFlyChat \u2013 WordPress Chat", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "4.7.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/iflychat/wordpress-iflychat-plugin-4-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/iflychat/wordpress-iflychat-plugin-4-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "LVT-tholv2k (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": 
"LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31110.json b/2024/31xxx/CVE-2024-31110.json index 83849d0d20e..90563918530 100644 --- a/2024/31xxx/CVE-2024-31110.json +++ b/2024/31xxx/CVE-2024-31110.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31110", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through 2.2.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Katz Web Services, Inc.", - "product": { - "product_data": [ - { - "product_name": "Contact Form 7 Newsletter", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/contact-form-7-newsletter/wordpress-contact-form-7-newsletter-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/contact-form-7-newsletter/wordpress-contact-form-7-newsletter-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": 
"LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31112.json b/2024/31xxx/CVE-2024-31112.json index 1507fc0a879..005325817a9 100644 --- a/2024/31xxx/CVE-2024-31112.json +++ b/2024/31xxx/CVE-2024-31112.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31112", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS.This issue affects Convert Post Types: from n/a through 1.4.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Stephanie Leary", - "product": { - "product_data": [ - { - "product_name": "Convert Post Types", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.4" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/convert-post-types/wordpress-convert-post-types-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/convert-post-types/wordpress-convert-post-types-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - 
"privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31114.json b/2024/31xxx/CVE-2024-31114.json index fc9cc414c67..0658d7e8e47 100644 --- a/2024/31xxx/CVE-2024-31114.json +++ b/2024/31xxx/CVE-2024-31114.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31114", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "biplob018", - "product": { - "product_data": [ - { - "product_name": "Shortcode Addons", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.2.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-3-2-5-arbitrary-file-upload-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-3-2-5-arbitrary-file-upload-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Peng Zhou (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - 
"version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31115.json b/2024/31xxx/CVE-2024-31115.json index 0e618ef52cb..3d80cdf1d9d 100644 --- a/2024/31xxx/CVE-2024-31115.json +++ b/2024/31xxx/CVE-2024-31115.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31115", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "QuanticaLabs", - "product": { - "product_data": [ - { - "product_name": "Chauffeur Taxi Booking System for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "6.9" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/chauffeur-booking-system/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-arbitrary-file-upload-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/chauffeur-booking-system/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-arbitrary-file-upload-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Kursat Cetin (Patchstack)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - 
"privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31116.json b/2024/31xxx/CVE-2024-31116.json index e6ee2e4f6cd..911d34631e2 100644 --- a/2024/31xxx/CVE-2024-31116.json +++ b/2024/31xxx/CVE-2024-31116.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31116", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "10Web", - "product": { - "product_data": [ - { - "product_name": "10Web Map Builder for Google Maps", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.0.74" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/wd-google-maps/wordpress-10web-map-builder-for-google-maps-plugin-1-0-74-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/wd-google-maps/wordpress-10web-map-builder-for-google-maps-plugin-1-0-74-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Muhammad Daffa (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - 
"privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31117.json b/2024/31xxx/CVE-2024-31117.json index c4f283519a3..51ded9e90d8 100644 --- a/2024/31xxx/CVE-2024-31117.json +++ b/2024/31xxx/CVE-2024-31117.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31117", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moises Heberle WooCommerce Bookings Calendar.This issue affects WooCommerce Bookings Calendar: from n/a through 1.0.36.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Moises Heberle", - "product": { - "product_data": [ - { - "product_name": "WooCommerce Bookings Calendar", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.0.36" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/woo-bookings-calendar/wordpress-woocommerce-bookings-calendar-plugin-1-0-36-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/woo-bookings-calendar/wordpress-woocommerce-bookings-calendar-plugin-1-0-36-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "LVT-tholv2k (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - 
"integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31120.json b/2024/31xxx/CVE-2024-31120.json index ab4172c1a92..664cb9ed597 100644 --- a/2024/31xxx/CVE-2024-31120.json +++ b/2024/31xxx/CVE-2024-31120.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31120", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "wpdevart", - "product": { - "product_data": [ - { - "product_name": "Responsive Image Gallery, Gallery Album", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "2.0.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "LVT-tholv2k (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - 
"baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31121.json b/2024/31xxx/CVE-2024-31121.json index f1122cc8dc0..637e7fd17a1 100644 --- a/2024/31xxx/CVE-2024-31121.json +++ b/2024/31xxx/CVE-2024-31121.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31121", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "WP Site Care", - "product": { - "product_data": [ - { - "product_name": "HeartThis", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "0.1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/heart-this/wordpress-heartthis-plugin-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/heart-this/wordpress-heartthis-plugin-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "CatFather (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been 
reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31122.json b/2024/31xxx/CVE-2024-31122.json index 291dab952b5..0d7ee9a5e45 100644 --- a/2024/31xxx/CVE-2024-31122.json +++ b/2024/31xxx/CVE-2024-31122.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31122", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS.This issue affects User Rights Access Manager: from n/a through 1.1.2.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Prism IT Systems", - "product": { - "product_data": [ - { - "product_name": "User Rights Access Manager", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/user-rights-access-manager/wordpress-user-rights-access-manager-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/user-rights-access-manager/wordpress-user-rights-access-manager-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Yudistira Arya (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.8, - "baseSeverity": "MEDIUM", - 
"confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/31xxx/CVE-2024-31123.json b/2024/31xxx/CVE-2024-31123.json index 1a374354dcd..bdc7d8e8fcb 100644 --- a/2024/31xxx/CVE-2024-31123.json +++ b/2024/31xxx/CVE-2024-31123.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31123", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS.This issue affects SpiderFAQ: from n/a through 1.3.2.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "WebDorado", - "product": { - "product_data": [ - { - "product_name": "SpiderFAQ", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.3.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/spider-faq/wordpress-spiderfaq-plugin-1-3-2-cross-site-scripting-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/spider-faq/wordpress-spiderfaq-plugin-1-3-2-cross-site-scripting-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Dimas Maulana (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3039.json b/2024/3xxx/CVE-2024-3039.json index 7c92a635faf..19d993cb3e6 100644 --- a/2024/3xxx/CVE-2024-3039.json +++ b/2024/3xxx/CVE-2024-3039.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3039", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Shanghai Brad Technology BladeX 3.4.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /api/blade-user/export-user der Komponente API. Durch die Manipulation mit der Eingabe updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Shanghai Brad Technology", - "product": { - "product_data": [ - { - "product_name": "BladeX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "3.4.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258426", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258426" - }, - { - "url": "https://vuldb.com/?ctiid.258426", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258426" - }, - { - "url": "https://vuldb.com/?submit.301469", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301469" - }, - { - "url": "https://spoofer.cn/bladex_sqli/", - "refsource": "MISC", - "name": "https://spoofer.cn/bladex_sqli/" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Spoofer (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3040.json b/2024/3xxx/CVE-2024-3040.json index f80e9a7c305..e02a3701803 100644 --- a/2024/3xxx/CVE-2024-3040.json +++ b/2024/3xxx/CVE-2024-3040.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3040", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/list_crl_conf. Mittels Manipulieren des Arguments CRLId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Netentsec", - "product": { - "product_data": [ - { - "product_name": "NS-ASG Application Security Gateway", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258429", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258429" - }, - { - "url": "https://vuldb.com/?ctiid.258429", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258429" - }, - { - "url": "https://vuldb.com/?submit.302340", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.302340" - }, - { - "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_crl_conf.md", - "refsource": "MISC", - "name": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_crl_conf.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "onelastcrush (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3041.json b/2024/3xxx/CVE-2024-3041.json index 7f051fd430f..666c57ded3c 100644 --- a/2024/3xxx/CVE-2024-3041.json 
+++ b/2024/3xxx/CVE-2024-3041.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3041", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Netentsec NS-ASG Application Security Gateway 6.3 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /protocol/log/listloginfo.php. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Netentsec", - "product": { - "product_data": [ - { - "product_name": "NS-ASG Application Security Gateway", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.3" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258430", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258430" - }, - { - "url": "https://vuldb.com/?ctiid.258430", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258430" - }, - { - "url": "https://vuldb.com/?submit.302342", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.302342" - }, - { - "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-listloginfo.md", - "refsource": "MISC", - "name": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-listloginfo.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Activate-rz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3042.json b/2024/3xxx/CVE-2024-3042.json index 299506c52a8..876f1193e44 100644 --- a/2024/3xxx/CVE-2024-3042.json +++ b/2024/3xxx/CVE-2024-3042.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3042", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431." - }, - { - "lang": "deu", - "value": "Eine kritische Schwachstelle wurde in SourceCodester Simple Subscription Website 1.0 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei manage_user.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Simple Subscription Website", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258431", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258431" - }, - { - "url": "https://vuldb.com/?ctiid.258431", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258431" - }, - { - "url": "https://vuldb.com/?submit.306119", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.306119" - }, - { - "url": "https://github.com/maxmvp666/planCve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_user.php%20has%20Sqlinjection.pdf", - "refsource": "MISC", - "name": "https://github.com/maxmvp666/planCve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_user.php%20has%20Sqlinjection.pdf" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "shaozhenghao666 (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } 
diff --git a/2024/3xxx/CVE-2024-3078.json b/2024/3xxx/CVE-2024-3078.json
index f9990939c7e..96e69774229 100644
--- a/2024/3xxx/CVE-2024-3078.json
+++ b/2024/3xxx/CVE-2024-3078.json
@@ -1,17 +1,150 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3078", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Qdrant bis 1.6.1/1.7.4/1.8.2 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei lib/collection/src/collection/snapshots.rs der Komponente Full Snapshot REST API. Dank Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.8.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Qdrant", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.6.0" + }, + { + "version_affected": "=", + "version_value": "1.6.1" + }, + { + "version_affected": "=", + "version_value": "1.7.0" + }, + { + "version_affected": "=", + "version_value": "1.7.1" + }, + { + "version_affected": "=", + "version_value": "1.7.2" + }, + { + "version_affected": "=", + "version_value": "1.7.3" + }, + { + "version_affected": "=", + "version_value": "1.7.4" + }, + { + "version_affected": "=", + "version_value": "1.8.0" + }, + { + "version_affected": "=", + "version_value": "1.8.1" + }, + { + "version_affected": "=", + "version_value": "1.8.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258611", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258611" + }, + { + "url": "https://vuldb.com/?ctiid.258611", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258611" + }, + { + "url": "https://github.com/qdrant/qdrant/pull/3856", + "refsource": "MISC", + "name": "https://github.com/qdrant/qdrant/pull/3856" + }, + { + "url": "https://github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62", + "refsource": "MISC", + "name": "https://github.com/qdrant/qdrant/commit/3ab5172e9c8f14fa1f7b24e7147eac74e2412b62" + }, + { + "url": "https://github.com/qdrant/qdrant/releases/tag/v1.8.3", + "refsource": "MISC", + "name": "https://github.com/qdrant/qdrant/releases/tag/v1.8.3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": 
"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3094.json b/2024/3xxx/CVE-2024-3094.json index 6d340d570a2..2d8eda2503c 100644 --- a/2024/3xxx/CVE-2024-3094.json +++ b/2024/3xxx/CVE-2024-3094.json 
@@ -180,156 +180,6 @@ "url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users", "refsource": "MISC", "name": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users" - }, - { - "url": "https://news.ycombinator.com/item?id=39865810", - "refsource": "MISC", - "name": "https://news.ycombinator.com/item?id=39865810" - }, - { - "url": "https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/", - "refsource": "MISC", - "name": "https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/" - }, - { - "url": "https://www.theregister.com/2024/03/29/malicious_backdoor_xz/", - "refsource": "MISC", - "name": "https://www.theregister.com/2024/03/29/malicious_backdoor_xz/" - }, - { - "url": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094" - }, - { - "url": "https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils", - "refsource": "MISC", - "name": "https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils" - }, - { - "url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-002/", - "refsource": "MISC", - "name": "https://aws.amazon.com/security/security-bulletins/AWS-2024-002/" - }, - { - "url": "https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils", - "refsource": "MISC", - "name": "https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils" - }, - { - "url": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/", - "refsource": "MISC", - 
"name": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/" - }, - { - "url": "https://bugzilla.suse.com/show_bug.cgi?id=1222124", - "refsource": "MISC", - "name": "https://bugzilla.suse.com/show_bug.cgi?id=1222124" - }, - { - "url": "https://security.archlinux.org/CVE-2024-3094", - "refsource": "MISC", - "name": "https://security.archlinux.org/CVE-2024-3094" - }, - { - "url": "https://security.alpinelinux.org/vuln/CVE-2024-3094", - "refsource": "MISC", - "name": "https://security.alpinelinux.org/vuln/CVE-2024-3094" - }, - { - "url": "https://security-tracker.debian.org/tracker/CVE-2024-3094", - "refsource": "MISC", - "name": "https://security-tracker.debian.org/tracker/CVE-2024-3094" - }, - { - "url": "https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html", - "refsource": "MISC", - "name": "https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html" - }, - { - "url": "https://news.ycombinator.com/item?id=39877267", - "refsource": "MISC", - "name": "https://news.ycombinator.com/item?id=39877267" - }, - { - "url": "https://gynvael.coldwind.pl/?lang=en&id=782", - "refsource": "MISC", - "name": "https://gynvael.coldwind.pl/?lang=en&id=782" - }, - { - "url": "https://ubuntu.com/security/CVE-2024-3094", - "refsource": "MISC", - "name": "https://ubuntu.com/security/CVE-2024-3094" - }, - { - "url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525", - "refsource": "MISC", - "name": "https://github.com/advisories/GHSA-rxwq-x6h5-x525" - }, - { - "url": "https://bugs.gentoo.org/928134", - "refsource": "MISC", - "name": "https://bugs.gentoo.org/928134" - }, - { - "url": "https://lists.debian.org/debian-security-announce/2024/msg00057.html", - "refsource": "MISC", - "name": "https://lists.debian.org/debian-security-announce/2024/msg00057.html" - }, - { - "url": "https://twitter.com/debian/status/1774219194638409898", - "refsource": "MISC", - "name": "https://twitter.com/debian/status/1774219194638409898" - }, - { - "url": 
"https://twitter.com/infosecb/status/1774597228864139400", - "refsource": "MISC", - "name": "https://twitter.com/infosecb/status/1774597228864139400" - }, - { - "url": "https://twitter.com/infosecb/status/1774595540233167206", - "refsource": "MISC", - "name": "https://twitter.com/infosecb/status/1774595540233167206" - }, - { - "url": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27", - "refsource": "MISC", - "name": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27" - }, - { - "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024", - "refsource": "MISC", - "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024" - }, - { - "url": "https://github.com/karcherm/xz-malware", - "refsource": "MISC", - "name": "https://github.com/karcherm/xz-malware" - }, - { - "url": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405", - "refsource": "MISC", - "name": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405" - }, - { - "url": "https://xeiaso.net/notes/2024/xz-vuln/", - "refsource": "MISC", - "name": "https://xeiaso.net/notes/2024/xz-vuln/" - }, - { - "url": "https://lwn.net/Articles/967180/", - "refsource": "MISC", - "name": "https://lwn.net/Articles/967180/" - }, - { - "url": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor", - "refsource": "MISC", - "name": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor" - }, - { - "url": "https://tukaani.org/xz-backdoor/", - "refsource": "MISC", - "name": "https://tukaani.org/xz-backdoor/" } ] },