diff --git a/2023/47xxx/CVE-2023-47996.json b/2023/47xxx/CVE-2023-47996.json index 02eb1ed917d..e2ed371646a 100644 --- a/2023/47xxx/CVE-2023-47996.json +++ b/2023/47xxx/CVE-2023-47996.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-47996", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-47996", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996", + "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996" } ] } diff --git a/2023/47xxx/CVE-2023-47997.json b/2023/47xxx/CVE-2023-47997.json index 5ed0ecfae92..c4f68f59119 100644 --- a/2023/47xxx/CVE-2023-47997.json +++ b/2023/47xxx/CVE-2023-47997.json 
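Review bot: The new `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` to `n/a`, although the description in the same hunk names FreeImage 3.18.0 and an integer overflow in `Exif.cpp::jpeg_read_exif_dir`. Scanners and SBOM matchers that key on the structured fields will not associate this record with FreeImage, so I would fill them in, e.g. `"product_name": "FreeImage"`, `"version_value": "3.18.0"` and `"value": "CWE-190 Integer Overflow or Wraparound"`. The same placeholders appear in CVE-2023-47997 (infinite loop, probably CWE-835) and in the MISP records CVE-2023-48655 to CVE-2023-48657. The only reference is a proof-of-concept repository, with no vendor advisory or fix commit, so the record gives defenders no fixed version to track.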
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-47997", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-47997", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997", + "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997" } ] } diff --git a/2023/48xxx/CVE-2023-48655.json b/2023/48xxx/CVE-2023-48655.json index a4800f32eac..abde76e9ae0 100644 --- a/2023/48xxx/CVE-2023-48655.json +++ b/2023/48xxx/CVE-2023-48655.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48655", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48655", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176" + }, + { + "url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b" + }, + { + "refsource": "MISC", + "name": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/", + "url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/" } ] } diff --git a/2023/48xxx/CVE-2023-48656.json b/2023/48xxx/CVE-2023-48656.json index b8abb66f9d0..68a7c935d5c 100644 --- a/2023/48xxx/CVE-2023-48656.json +++ b/2023/48xxx/CVE-2023-48656.json 
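Review bot: The description added for CVE-2023-48655 says only that `IndexFilterComponent.php` does not properly filter out query parameters and never names the vulnerability class, while the third reference (`.../misp-blind-sql-injection-in-array-input-parameters/`) points to SQL injection. Assuming the advisory matches its title, I would name the class in the description and replace the `n/a` problem type with `"value": "CWE-89 SQL Injection"`, so that the record can be prioritised without opening the links. The same gap exists in CVE-2023-48656 ("mishandles order clauses") and CVE-2023-48657 ("mishandles filters"), whose advisory URLs also name SQL injection. The remediation is at least clear from the text: all three are described as fixed in MISP 2.4.176.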
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48656", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48656", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176" + }, + { + "url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074" + }, + { + "refsource": "MISC", + "name": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/", + "url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/" } ] } diff --git a/2023/48xxx/CVE-2023-48657.json b/2023/48xxx/CVE-2023-48657.json index a4710e499e5..9f7f01905b8 100644 --- a/2023/48xxx/CVE-2023-48657.json +++ b/2023/48xxx/CVE-2023-48657.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48657", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48657", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176" + }, + { + "url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc" + }, + { + "refsource": "MISC", + "name": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", + "url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/" } ] } diff --git a/2023/48xxx/CVE-2023-48658.json b/2023/48xxx/CVE-2023-48658.json index ca18481055a..317cbdac9e7 100644 --- a/2023/48xxx/CVE-2023-48658.json +++ b/2023/48xxx/CVE-2023-48658.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d", "refsource": "MISC", "name": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d" + }, + { + "refsource": "MISC", + "name": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", + "url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/" } ] } diff --git a/2023/48xxx/CVE-2023-48659.json b/2023/48xxx/CVE-2023-48659.json index 760fc840cf0..cf45d5a72f7 100644 --- a/2023/48xxx/CVE-2023-48659.json +++ b/2023/48xxx/CVE-2023-48659.json @@ -61,6 +61,11 @@ "url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed", "refsource": "MISC", "name": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed" + }, + { + "refsource": "MISC", + "name": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/", + "url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/" } ] } diff --git a/2024/0xxx/CVE-2024-0354.json b/2024/0xxx/CVE-2024-0354.json index a58cbeac694..9eb3286d333 100644 --- a/2024/0xxx/CVE-2024-0354.json +++ b/2024/0xxx/CVE-2024-0354.json 
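Review bot: The advisory URL added to CVE-2023-48658 (`.../misp-time-based-sql-injection-in-logs-index/`) is the same one this commit adds to CVE-2023-48657, while the two records cite different fix commits (`08bd232` and `1686215`). If both CVEs stem from the one advisory, each description should say so, because anyone verifying a backport then needs both commits applied; if not, one of the two references is probably misplaced. The hunk shows only the tail of the reference list, so the description of CVE-2023-48658 is not visible here.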
@@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in unknown-o download-station bis 1.1.8 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei index.php. Durch die Manipulation des Arguments f mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-24 Path Traversal: '../filedir'", + "cweId": "CWE-24" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "unknown-o", + "product": { + "product_data": [ + { + "product_name": "download-station", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.0" + }, + { + "version_affected": "=", + "version_value": "1.1.1" + }, + { + "version_affected": "=", + "version_value": "1.1.2" + }, + { + "version_affected": "=", + "version_value": "1.1.3" + }, + { + "version_affected": "=", + "version_value": "1.1.4" + }, + { + "version_affected": "=", + "version_value": "1.1.5" + }, + { + "version_affected": "=", + "version_value": "1.1.6" + }, + { + "version_affected": "=", + "version_value": "1.1.7" + }, + { + "version_affected": "=", + "version_value": "1.1.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.250121", + "refsource": "MISC", + "name": "https://vuldb.com/?id.250121" + }, + { + "url": "https://vuldb.com/?ctiid.250121", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.250121" + }, + { + "url": "https://note.zhaoj.in/share/nHD5xiHQgHG0", + "refsource": "MISC", + "name": "https://note.zhaoj.in/share/nHD5xiHQgHG0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "glzjin (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] } 
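Review bot: The English description calls this issue "classified as critical", but the `impact.cvss` entries in the same hunk rate it 5.3 `MEDIUM` with `C:L/I:N/A:N`, so the word is the assigner's own label and not the CVSS severity. Triage rules should read `baseScore` and `vectorString`, not the free text. CVE-2024-0355 has the same mismatch ("critical" in the text, 5.5 `MEDIUM` with `AV:A/PR:L` in the vector). Separately, `version_data` lists 1.1.0 to 1.1.8 one by one with `"version_affected": "="`, while the text says "up to 1.1.8"; a single entry such as `"version_affected": "<="`, `"version_value": "1.1.8"` would also cover releases before 1.1.0 if they are affected.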
diff --git a/2024/0xxx/CVE-2024-0355.json b/2024/0xxx/CVE-2024-0355.json
index 8f762a54fa4..f93b656b76e 100644
--- a/2024/0xxx/CVE-2024-0355.json
+++ b/2024/0xxx/CVE-2024-0355.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in PHPGurukul Dairy Farm Shop Management System bis 1.1 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei add-category.php. Durch Manipulation des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Dairy Farm Shop Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + }, + { + "version_affected": "=", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.250122", + "refsource": "MISC", + "name": "https://vuldb.com/?id.250122" + }, + { + "url": "https://vuldb.com/?ctiid.250122", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.250122" + }, + { + "url": "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8", + "refsource": "MISC", + "name": "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "heishou (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/0xxx/CVE-2024-0356.json b/2024/0xxx/CVE-2024-0356.json index 6030ed97b5b..e08f778e35e 100644 --- a/2024/0xxx/CVE-2024-0356.json +++ b/2024/0xxx/CVE-2024-0356.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123." + }, + { + "lang": "deu", + "value": "In Mandelo ssm_shiro_blog 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei updateRoles der Komponente Backend. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mandelo", + "product": { + "product_data": [ + { + "product_name": "ssm_shiro_blog", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.250123", + "refsource": "MISC", + "name": "https://vuldb.com/?id.250123" + }, + { + "url": "https://vuldb.com/?ctiid.250123", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.250123" + }, + { + "url": "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e", + "refsource": "MISC", + "name": "https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "heishou (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2024/0xxx/CVE-2024-0385.json b/2024/0xxx/CVE-2024-0385.json new file mode 100644 index 00000000000..0e51369b38a --- /dev/null +++ b/2024/0xxx/CVE-2024-0385.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0385",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0386.json b/2024/0xxx/CVE-2024-0386.json
new file mode 100644
index 00000000000..a93a0b7b474
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0386.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0386",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file