From 27a2f2530ccd8fb4e2a1931e473b117eb93efaf4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 6 May 2024 03:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/32xxx/CVE-2023-32871.json | 54 ++++++++++++++++-- 2023/32xxx/CVE-2023-32873.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20021.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20056.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20057.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20058.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20059.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20060.json | 54 ++++++++++++++++-- 2024/20xxx/CVE-2024-20064.json | 54 ++++++++++++++++-- 2024/34xxx/CVE-2024-34538.json | 62 ++++++++++++++++++++ 2024/4xxx/CVE-2024-4516.json | 100 +++++++++++++++++++++++++++++++-- 2024/4xxx/CVE-2024-4517.json | 100 +++++++++++++++++++++++++++++++-- 12 files changed, 704 insertions(+), 44 deletions(-) create mode 100644 2024/34xxx/CVE-2024-34538.json diff --git a/2023/32xxx/CVE-2023-32871.json b/2023/32xxx/CVE-2023-32871.json index 521edb16327..045645ab069 100644 --- a/2023/32xxx/CVE-2023-32871.json +++ b/2023/32xxx/CVE-2023-32871.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-391 Unchecked Error Condition", + "cweId": "CWE-391" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3, 4.0 / RDK-B 22Q3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2023/32xxx/CVE-2023-32873.json b/2023/32xxx/CVE-2023-32873.json index c71c9128dd4..71dde3f8251 100644 --- a/2023/32xxx/CVE-2023-32873.json +++ b/2023/32xxx/CVE-2023-32873.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6833, MT6853, MT6855, MT6893, MT6895, MT6983, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20021.json b/2024/20xxx/CVE-2024-20021.json index 0b2759a4009..df6f69c5e38 100644 --- a/2024/20xxx/CVE-2024-20021.json +++ b/2024/20xxx/CVE-2024-20021.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20021", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6768, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8168, MT8183, MT8188, MT8188T, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8781, MT8786, MT8788, MT8788T, MT8788, MT8788X, MT8788Z, MT8792, MT8795T, MT8796, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20056.json b/2024/20xxx/CVE-2024-20056.json index d67fbc585c8..f7a71f27edb 100644 --- a/2024/20xxx/CVE-2024-20056.json +++ b/2024/20xxx/CVE-2024-20056.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0 / OpenWRT 19.07, 21.02, 23.05 / RDK-B 2022q3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20057.json b/2024/20xxx/CVE-2024-20057.json index e8fa9314969..7b9e393f6e7 100644 --- a/2024/20xxx/CVE-2024-20057.json +++ b/2024/20xxx/CVE-2024-20057.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20058.json b/2024/20xxx/CVE-2024-20058.json index a625d03c077..716dfe6722b 100644 --- a/2024/20xxx/CVE-2024-20058.json +++ b/2024/20xxx/CVE-2024-20058.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6765, MT6768, MT6785, MT6833, MT6853, MT6855, MT6893, MT6983, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20059.json b/2024/20xxx/CVE-2024-20059.json index c46cbcc0839..aa841b4dd65 100644 --- a/2024/20xxx/CVE-2024-20059.json +++ b/2024/20xxx/CVE-2024-20059.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips", + "cweId": "CWE-1332" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370, MT8390", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20060.json b/2024/20xxx/CVE-2024-20060.json index e917efc9d34..67c25b83c45 100644 --- a/2024/20xxx/CVE-2024-20060.json +++ b/2024/20xxx/CVE-2024-20060.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips", + "cweId": "CWE-1332" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370, MT8390", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20064.json b/2024/20xxx/CVE-2024-20064.json index a8e0f7873ed..127f83d2a78 100644 --- a/2024/20xxx/CVE-2024-20064.json +++ b/2024/20xxx/CVE-2024-20064.json @@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6761, MT6762, MT6768, MT6781, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT8678, MT8755, MT8775, MT8792, MT8796", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/May-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2024" } ] } diff --git a/2024/34xxx/CVE-2024-34538.json b/2024/34xxx/CVE-2024-34538.json new file mode 100644 index 00000000000..7098c475e0c --- /dev/null +++ b/2024/34xxx/CVE-2024-34538.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-34538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hansesecure.de/2023/02/schwachstelle-in-passwordsafe-mateso/", + "refsource": "MISC", + "name": "https://hansesecure.de/2023/02/schwachstelle-in-passwordsafe-mateso/" + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4516.json b/2024/4xxx/CVE-2024-4516.json index 0b50e9ff9ab..fa940bb586d 100644 --- a/2024/4xxx/CVE-2024-4516.json +++ b/2024/4xxx/CVE-2024-4516.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /view/timetable.php. Dank der Manipulation des Arguments grade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Web-Based School Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.263120", + "refsource": "MISC", + "name": "https://vuldb.com/?id.263120" + }, + { + "url": "https://vuldb.com/?ctiid.263120", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.263120" + }, + { + "url": "https://vuldb.com/?submit.329697", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.329697" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/4xxx/CVE-2024-4517.json b/2024/4xxx/CVE-2024-4517.json index ff533801699..5346b85aecf 100644 --- a/2024/4xxx/CVE-2024-4517.json +++ b/2024/4xxx/CVE-2024-4517.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /view/teacher_salary_invoice1.php. Dank Manipulation des Arguments date mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Web-Based School Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.263121", + "refsource": "MISC", + "name": "https://vuldb.com/?id.263121" + }, + { + "url": "https://vuldb.com/?ctiid.263121", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.263121" + }, + { + "url": "https://vuldb.com/?submit.329698", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.329698" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] }