admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-10 20:05:02 +00:00
parent 9a73befa3e
commit 0726b28977
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 829 additions and 842 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

361
2011/10xxx/CVE-2011-10006.json
View File

@ -1,370 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-10006",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in GamerZ WP-PostRatings bis 1.64 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei wp-postratings.php. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.65 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6182a5682b12369ced0becd3b505439ce2eb8132 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GamerZ",
"product": {
"product_data": [
{
"product_name": "WP-PostRatings",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_value": "1.6"
},
{
"version_affected": "=",
"version_value": "1.7"
},
{
"version_affected": "=",
"version_value": "1.8"
},
{
"version_affected": "=",
"version_value": "1.9"
},
{
"version_affected": "=",
"version_value": "1.10"
},
{
"version_affected": "=",
"version_value": "1.11"
},
{
"version_affected": "=",
"version_value": "1.12"
},
{
"version_affected": "=",
"version_value": "1.13"
},
{
"version_affected": "=",
"version_value": "1.14"
},
{
"version_affected": "=",
"version_value": "1.15"
},
{
"version_affected": "=",
"version_value": "1.16"
},
{
"version_affected": "=",
"version_value": "1.17"
},
{
"version_affected": "=",
"version_value": "1.18"
},
{
"version_affected": "=",
"version_value": "1.19"
},
{
"version_affected": "=",
"version_value": "1.20"
},
{
"version_affected": "=",
"version_value": "1.21"
},
{
"version_affected": "=",
"version_value": "1.22"
},
{
"version_affected": "=",
"version_value": "1.23"
},
{
"version_affected": "=",
"version_value": "1.24"
},
{
"version_affected": "=",
"version_value": "1.25"
},
{
"version_affected": "=",
"version_value": "1.26"
},
{
"version_affected": "=",
"version_value": "1.27"
},
{
"version_affected": "=",
"version_value": "1.28"
},
{
"version_affected": "=",
"version_value": "1.29"
},
{
"version_affected": "=",
"version_value": "1.30"
},
{
"version_affected": "=",
"version_value": "1.31"
},
{
"version_affected": "=",
"version_value": "1.32"
},
{
"version_affected": "=",
"version_value": "1.33"
},
{
"version_affected": "=",
"version_value": "1.34"
},
{
"version_affected": "=",
"version_value": "1.35"
},
{
"version_affected": "=",
"version_value": "1.36"
},
{
"version_affected": "=",
"version_value": "1.37"
},
{
"version_affected": "=",
"version_value": "1.38"
},
{
"version_affected": "=",
"version_value": "1.39"
},
{
"version_affected": "=",
"version_value": "1.40"
},
{
"version_affected": "=",
"version_value": "1.41"
},
{
"version_affected": "=",
"version_value": "1.42"
},
{
"version_affected": "=",
"version_value": "1.43"
},
{
"version_affected": "=",
"version_value": "1.44"
},
{
"version_affected": "=",
"version_value": "1.45"
},
{
"version_affected": "=",
"version_value": "1.46"
},
{
"version_affected": "=",
"version_value": "1.47"
},
{
"version_affected": "=",
"version_value": "1.48"
},
{
"version_affected": "=",
"version_value": "1.49"
},
{
"version_affected": "=",
"version_value": "1.50"
},
{
"version_affected": "=",
"version_value": "1.51"
},
{
"version_affected": "=",
"version_value": "1.52"
},
{
"version_affected": "=",
"version_value": "1.53"
},
{
"version_affected": "=",
"version_value": "1.54"
},
{
"version_affected": "=",
"version_value": "1.55"
},
{
"version_affected": "=",
"version_value": "1.56"
},
{
"version_affected": "=",
"version_value": "1.57"
},
{
"version_affected": "=",
"version_value": "1.58"
},
{
"version_affected": "=",
"version_value": "1.59"
},
{
"version_affected": "=",
"version_value": "1.60"
},
{
"version_affected": "=",
"version_value": "1.61"
},
{
"version_affected": "=",
"version_value": "1.62"
},
{
"version_affected": "=",
"version_value": "1.63"
},
{
"version_affected": "=",
"version_value": "1.64"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259629",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259629"
},
{
"url": "https://vuldb.com/?ctiid.259629",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259629"
},
{
"url": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a"
},
{
"url": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132"
},
{
"url": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

127
2014/125xxx/CVE-2014-125111.json
View File

@ -1,136 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125111",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in namithjawahar Wp-Insert bis 2.0.8 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.0.9 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a07b7b08084b9b85859f3968ce7fde0fd1fcbba3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "namithjawahar",
"product": {
"product_data": [
{
"product_name": "Wp-Insert",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_value": "2.0.2"
},
{
"version_affected": "=",
"version_value": "2.0.3"
},
{
"version_affected": "=",
"version_value": "2.0.4"
},
{
"version_affected": "=",
"version_value": "2.0.5"
},
{
"version_affected": "=",
"version_value": "2.0.6"
},
{
"version_affected": "=",
"version_value": "2.0.7"
},
{
"version_affected": "=",
"version_value": "2.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259628",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259628"
},
{
"url": "https://vuldb.com/?ctiid.259628",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259628"
},
{
"url": "https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/wp-insert/commit/a07b7b08084b9b85859f3968ce7fde0fd1fcbba3"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

121
2021/4xxx/CVE-2021-4438.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in kyivstarteam react-native-sms-user-consent bis 1.1.4 f\u00fcr Android entdeckt. Betroffen davon ist die Funktion registerReceiver der Datei android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. Durch das Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Ein Aktualisieren auf die Version 1.1.5 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-926 Improper Export of Android Application Components",
"cweId": "CWE-926"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kyivstarteam",
"product": {
"product_data": [
{
"product_name": "react-native-sms-user-consent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
},
{
"version_affected": "=",
"version_value": "1.1.1"
},
{
"version_affected": "=",
"version_value": "1.1.2"
},
{
"version_affected": "=",
"version_value": "1.1.3"
},
{
"version_affected": "=",
"version_value": "1.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259508",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259508"
},
{
"url": "https://vuldb.com/?ctiid.259508",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259508"
},
{
"url": "https://github.com/kyivstarteam/react-native-sms-user-consent/pull/4",
"refsource": "MISC",
"name": "https://github.com/kyivstarteam/react-native-sms-user-consent/pull/4"
},
{
"url": "https://github.com/kyivstarteam/react-native-sms-user-consent/commit/5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7",
"refsource": "MISC",
"name": "https://github.com/kyivstarteam/react-native-sms-user-consent/commit/5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7"
},
{
"url": "https://github.com/kyivstarteam/react-native-sms-user-consent/releases/tag/1.1.5",
"refsource": "MISC",
"name": "https://github.com/kyivstarteam/react-native-sms-user-consent/releases/tag/1.1.5"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

2
2024/27xxx/CVE-2024-27575.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH INOTEC Sicherheitstechnik GmbH WebServer CPS220/64 V.3.3.19 allows a remote attacker to execute arbitrary code via the /etc/passwd file."
"value": "INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI."
}
]
},

2
2024/31xxx/CVE-2024-31498.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator."
"value": "Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator."
}
]
},

84
2024/31xxx/CVE-2024-31871.json
View File

@ -1,93 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31871",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7147932"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287306",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287306"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

84
2024/31xxx/CVE-2024-31872.json
View File

@ -1,93 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31872",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-599 Missing Validation of OpenSSL Certificate",
"cweId": "CWE-599"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7147932"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

84
2024/31xxx/CVE-2024-31873.json
View File

@ -1,93 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31873",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7147932"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287317",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287317"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

84
2024/31xxx/CVE-2024-31874.json
View File

@ -1,93 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31874",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457 Use of Uninitialized Variable",
"cweId": "CWE-457"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7147932"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287318",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287318"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

61
2024/31xxx/CVE-2024-31948.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FRRouting/frr/pull/15628",
"refsource": "MISC",
"name": "https://github.com/FRRouting/frr/pull/15628"
},
{
"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138",
"refsource": "MISC",
"name": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"
}
]
}

61
2024/31xxx/CVE-2024-31949.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FRRouting/frr/pull/15640",
"refsource": "MISC",
"name": "https://github.com/FRRouting/frr/pull/15640"
},
{
"url": "https://github.com/FRRouting/frr/pull/15640/commits/30a332dad86fafd2b0b6c61d23de59ed969a219b",
"refsource": "MISC",
"name": "https://github.com/FRRouting/frr/pull/15640/commits/30a332dad86fafd2b0b6c61d23de59ed969a219b"
}
]
}

100
2024/3xxx/CVE-2024-3416.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588."
},
{
"lang": "deu",
"value": "In SourceCodester Online Courseware 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei admin/editt.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259588",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259588"
},
{
"url": "https://vuldb.com/?ctiid.259588",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259588"
},
{
"url": "https://vuldb.com/?submit.311593",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.311593"
},
{
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-01.md",
"refsource": "MISC",
"name": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-01.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liuann (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3417.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodester Online Courseware 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei admin/saveeditt.php. Dank der Manipulation des Arguments contact mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259589",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259589"
},
{
"url": "https://vuldb.com/?ctiid.259589",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259589"
},
{
"url": "https://vuldb.com/?submit.311595",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.311595"
},
{
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-02.md",
"refsource": "MISC",
"name": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-02.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liuann (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3418.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SourceCodester Online Courseware 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin/deactivateteach.php. Dank Manipulation des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259590",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259590"
},
{
"url": "https://vuldb.com/?ctiid.259590",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259590"
},
{
"url": "https://vuldb.com/?submit.311596",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.311596"
},
{
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-03.md",
"refsource": "MISC",
"name": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-03.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liuann (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3419.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591."
},
{
"lang": "deu",
"value": "In SourceCodester Online Courseware 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin/edit.php. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259591",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259591"
},
{
"url": "https://vuldb.com/?ctiid.259591",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259591"
},
{
"url": "https://vuldb.com/?submit.311597",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.311597"
},
{
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-04.md",
"refsource": "MISC",
"name": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-04.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liuann (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3420.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3420",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodester Online Courseware 1.0 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei admin/saveedit.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259592",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259592"
},
{
"url": "https://vuldb.com/?ctiid.259592",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259592"
},
{
"url": "https://vuldb.com/?submit.311598",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.311598"
},
{
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-05.md",
"refsource": "MISC",
"name": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-05.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liuann (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3421.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3421",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SourceCodester Online Courseware 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei admin/deactivatestud.php. Durch Manipulation des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Courseware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259593",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259593"
},
{
"url": "https://vuldb.com/?ctiid.259593",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259593"
},
{
"url": "https://vuldb.com/?submit.311599",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.311599"
},
{
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-06.md",
"refsource": "MISC",
"name": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-06.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liuann (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}