diff --git a/2024/12xxx/CVE-2024-12362.json b/2024/12xxx/CVE-2024-12362.json
index 369f03d4295..55e535ecf10 100644
--- a/2024/12xxx/CVE-2024-12362.json
+++ b/2024/12xxx/CVE-2024-12362.json
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12362",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in InvoicePlane bis 1.6.1 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion download der Datei invoices.php. Durch das Manipulieren des Arguments invoice mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.6.2-beta-1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InvoicePlane",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.6.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.288537",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.288537"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.288537",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.288537"
+ },
+ {
+ "url": "https://vuldb.com/?submit.459908",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.459908"
+ },
+ {
+ "url": "https://github.com/InvoicePlane/InvoicePlane/pull/1127",
+ "refsource": "MISC",
+ "name": "https://github.com/InvoicePlane/InvoicePlane/pull/1127"
+ },
+ {
+ "url": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1",
+ "refsource": "MISC",
+ "name": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dan_AC (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12478.json b/2024/12xxx/CVE-2024-12478.json
index 219d3fe3f75..dc0113c7fed 100644
--- a/2024/12xxx/CVE-2024-12478.json
+++ b/2024/12xxx/CVE-2024-12478.json
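Review bot: The `affects` block in CVE-2024-12362.json lists only `1.6.0` and `1.6.1` with `"version_affected": "="`, while the description says "up to 1.6.1", so tooling that matches on the structured version data will not flag earlier InvoicePlane releases. If earlier releases are in scope, a single range entry such as `"version_affected": "<=", "version_value": "1.6.1"` would agree with the text. `"vendor_name": "n/a"` also leaves vendor-keyed lookups without a match; the references point at the InvoicePlane GitHub organisation, which suggests a usable value. The same two points apply to the `affects` block in CVE-2024-12478.json.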
@@ -1,17 +1,127 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12478",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
+ },
+ {
+ "lang": "deu",
+ "value": "In InvoicePlane bis 1.6.1 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion upload_file der Datei /index.php/upload/upload_file/1/1. Durch Manipulieren des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.6.2-beta-1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InvoicePlane",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.6.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.288538",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.288538"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.288538",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.288538"
+ },
+ {
+ "url": "https://vuldb.com/?submit.459910",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.459910"
+ },
+ {
+ "url": "https://github.com/InvoicePlane/InvoicePlane/pull/1141",
+ "refsource": "MISC",
+ "name": "https://github.com/InvoicePlane/InvoicePlane/pull/1141"
+ },
+ {
+ "url": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1",
+ "refsource": "MISC",
+ "name": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dan_AC (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
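Review bot: The description in CVE-2024-12478.json calls the issue "critical", but both CVSS 3.x entries carry `"baseSeverity": "MEDIUM"` (6.3) with only low confidentiality, integrity and availability impact, so the record gives consumers two different severities. For an unrestricted upload (CWE-434) the real impact depends on whether an uploaded file can end up where the server will execute it, which the record does not state. Either the vector or the wording should be aligned, and until then patch prioritisation should not rest on the base score alone.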
diff --git a/2024/12xxx/CVE-2024-12603.json b/2024/12xxx/CVE-2024-12603.json
index d099c02e7a1..2325e5d7d9e 100644
--- a/2024/12xxx/CVE-2024-12603.json
+++ b/2024/12xxx/CVE-2024-12603.json
@@ -40,8 +40,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "=",
- "version_value": "2.5.0.59"
+ "version_affected": "<=",
+ "version_name": "1.1.2.269",
+ "version_value": "\uff1c1.1.2.292"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12668.json b/2024/12xxx/CVE-2024-12668.json
new file mode 100644
index 00000000000..c6893b1c7d5
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12668.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12668",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47484.json b/2024/47xxx/CVE-2024-47484.json
index 0fa4234a41e..49904c18146 100644
--- a/2024/47xxx/CVE-2024-47484.json
+++ b/2024/47xxx/CVE-2024-47484.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
+ "value": "Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
 }
 ]
 },
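Review bot: The new `"version_value": "\uff1c1.1.2.292"` in CVE-2024-12603.json embeds a fullwidth less-than sign (U+FF1C) in the version string and contradicts the `"version_affected": "<="` two lines above it. Version comparators in scanners and SBOM tooling are likely to treat that value as an unparseable string, so the affected range would match nothing. If the intent is "from 1.1.2.269 up to but not including 1.1.2.292", the operator belongs in `version_affected` and the value should be the bare version: `"version_affected": "<", "version_value": "1.1.2.292"`. The product and vendor that this `version_data` entry belongs to are outside the hunk.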
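Review bot: Only the free-text description in CVE-2024-47484.json is widened from 19.9 to `19.x`; the `affects`/`version_data` block lies outside this hunk, so it should be confirmed that the structured versions were widened too, since matching tools read those rather than the prose. `19.x` is also not a comparable version, so which 19 releases are affected has to be stated as a bounded range in the structured data. The same applies to the identical description edits in CVE-2024-47977.json and CVE-2024-52538.json.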
diff --git a/2024/47xxx/CVE-2024-47977.json b/2024/47xxx/CVE-2024-47977.json
index 7b4e37621e0..81314cf8f30 100644
--- a/2024/47xxx/CVE-2024-47977.json
+++ b/2024/47xxx/CVE-2024-47977.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
+ "value": "Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
 }
 ]
 },
diff --git a/2024/52xxx/CVE-2024-52538.json b/2024/52xxx/CVE-2024-52538.json
index 78dc2c925c1..3130bec03ef 100644
--- a/2024/52xxx/CVE-2024-52538.json
+++ b/2024/52xxx/CVE-2024-52538.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
+ "value": "Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
 }
 ]
 },