From 2fb292f5c80012b983c20a8b815b7385287103b0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2024 14:06:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/44xxx/CVE-2023-44324.json | 2 +- 2023/6xxx/CVE-2023-6725.json | 6 ++ 2023/7xxx/CVE-2023-7250.json | 150 +-------------------------------- 2024/29xxx/CVE-2024-29102.json | 113 +------------------------ 2024/29xxx/CVE-2024-29103.json | 113 +------------------------ 2024/29xxx/CVE-2024-29104.json | 113 +------------------------ 2024/29xxx/CVE-2024-29105.json | 113 +------------------------ 2024/29xxx/CVE-2024-29106.json | 113 +------------------------ 2024/29xxx/CVE-2024-29107.json | 113 +------------------------ 2024/29xxx/CVE-2024-29108.json | 113 +------------------------ 2024/2xxx/CVE-2024-2193.json | 18 ++++ 2024/2xxx/CVE-2024-2495.json | 84 +++++++++++++++++- 2024/2xxx/CVE-2024-2497.json | 95 ++++++++++++++++++++- 2024/2xxx/CVE-2024-2514.json | 103 +--------------------- 2024/2xxx/CVE-2024-2515.json | 103 +--------------------- 2024/2xxx/CVE-2024-2516.json | 103 +--------------------- 2024/2xxx/CVE-2024-2517.json | 103 +--------------------- 2024/2xxx/CVE-2024-2518.json | 103 +--------------------- 2024/2xxx/CVE-2024-2519.json | 103 +--------------------- 2024/2xxx/CVE-2024-2520.json | 103 +--------------------- 2024/2xxx/CVE-2024-2521.json | 103 +--------------------- 2024/2xxx/CVE-2024-2522.json | 103 +--------------------- 2024/2xxx/CVE-2024-2523.json | 103 +--------------------- 2024/2xxx/CVE-2024-2524.json | 103 +--------------------- 2024/2xxx/CVE-2024-2525.json | 103 +--------------------- 2024/2xxx/CVE-2024-2526.json | 103 +--------------------- 2024/2xxx/CVE-2024-2527.json | 103 +--------------------- 2024/2xxx/CVE-2024-2528.json | 103 +--------------------- 2024/2xxx/CVE-2024-2529.json | 103 +--------------------- 2024/2xxx/CVE-2024-2530.json | 103 +--------------------- 2024/2xxx/CVE-2024-2531.json | 103 +--------------------- 2024/2xxx/CVE-2024-2532.json | 103 +--------------------- 2024/2xxx/CVE-2024-2533.json | 103 +--------------------- 2024/2xxx/CVE-2024-2534.json | 103 +--------------------- 2024/2xxx/CVE-2024-2535.json | 103 +--------------------- 35 files changed, 316 insertions(+), 3096 deletions(-) diff --git a/2023/44xxx/CVE-2023-44324.json b/2023/44xxx/CVE-2023-44324.json index 7d948970468..b5c8a5a2ec1 100644 --- a/2023/44xxx/CVE-2023-44324.json +++ b/2023/44xxx/CVE-2023-44324.json @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Adobe Framemaker", + "product_name": "Adobe Framemaker Publishing Server", "version": { "version_data": [ { diff --git a/2023/6xxx/CVE-2023-6725.json b/2023/6xxx/CVE-2023-6725.json index 79c59377d15..0f69de19879 100644 --- a/2023/6xxx/CVE-2023-6725.json +++ b/2023/6xxx/CVE-2023-6725.json @@ -140,6 +140,12 @@ } ] }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Michael Johnson (Red Hat)." + } + ], "impact": { "cvss": [ { diff --git a/2023/7xxx/CVE-2023-7250.json b/2023/7xxx/CVE-2023-7250.json index 0a51887dde5..70ebcaa7121 100644 --- a/2023/7xxx/CVE-2023-7250.json +++ b/2023/7xxx/CVE-2023-7250.json @@ -1,159 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7250", - "ASSIGNER": "secalert@redhat.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Permissive List of Allowed Inputs", - "cweId": "CWE-183" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "iperf", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "3.15", - "status": "unaffected" - } - ] - } - } - ] - } - } - ] - } - }, - { - "vendor_name": "Red Hat", - "product": { - "product_data": [ - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - }, - { - "vendor_name": "Fedora", - "product": { - "product_data": [ - { - "product_name": "Fedora", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://access.redhat.com/security/cve/CVE-2023-7250", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2023-7250" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2244707" - } - ] - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29102.json b/2024/29xxx/CVE-2024-29102.json index 4b25ee614b2..76e1ad0a061 100644 --- a/2024/29xxx/CVE-2024-29102.json +++ b/2024/29xxx/CVE-2024-29102.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29102", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "HasThemes", - "product": { - "product_data": [ - { - "product_name": "Extensions For CF7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "3.0.7", - "status": "unaffected" - } - ], - "lessThanOrEqual": "3.0.6", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 3.0.7 or a higher version." - } - ], - "value": "Update to 3.0.7 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "FearZzZz (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29103.json b/2024/29xxx/CVE-2024-29103.json index 168cee2db21..31f3d1314e9 100644 --- a/2024/29xxx/CVE-2024-29103.json +++ b/2024/29xxx/CVE-2024-29103.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29103", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS.This issue affects Database for Contact Form 7: from n/a through 3.0.6.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "NinjaTeam", - "product": { - "product_data": [ - { - "product_name": "Database for Contact Form 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "3.0.7", - "status": "unaffected" - } - ], - "lessThanOrEqual": "3.0.6", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/cf7-database/wordpress-database-for-contact-form-7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/cf7-database/wordpress-database-for-contact-form-7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 3.0.7 or a higher version." - } - ], - "value": "Update to 3.0.7 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "FearZzZz (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29104.json b/2024/29xxx/CVE-2024-29104.json index c5a9de75186..483302c9d0e 100644 --- a/2024/29xxx/CVE-2024-29104.json +++ b/2024/29xxx/CVE-2024-29104.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29104", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through 1.10.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Zimma Ltd.", - "product": { - "product_data": [ - { - "product_name": "Ticket Tailor", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "1.12", - "status": "unaffected" - } - ], - "lessThanOrEqual": "1.10", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/ticket-tailor/wordpress-ticket-tailor-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/ticket-tailor/wordpress-ticket-tailor-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 1.12 or a higher version." - } - ], - "value": "Update to 1.12 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "wpdabh (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29105.json b/2024/29xxx/CVE-2024-29105.json index dabe9627bfa..51420223dcc 100644 --- a/2024/29xxx/CVE-2024-29105.json +++ b/2024/29xxx/CVE-2024-29105.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29105", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Timersys", - "product": { - "product_data": [ - { - "product_name": "WP Popups", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "2.1.5.6", - "status": "unaffected" - } - ], - "lessThanOrEqual": "2.1.5.5", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/wp-popups-lite/wordpress-wp-popups-wordpress-popup-builder-plugin-2-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/wp-popups-lite/wordpress-wp-popups-wordpress-popup-builder-plugin-2-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 2.1.5.6 or a higher version." - } - ], - "value": "Update to 2.1.5.6 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Huynh Tien Si (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29106.json b/2024/29xxx/CVE-2024-29106.json index 547fa832612..de2c7f5bce9 100644 --- a/2024/29xxx/CVE-2024-29106.json +++ b/2024/29xxx/CVE-2024-29106.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29106", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Leap13", - "product": { - "product_data": [ - { - "product_name": "Premium Addons for Elementor", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "4.10.17", - "status": "unaffected" - } - ], - "lessThanOrEqual": "4.10.16", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-16-cross-site-scripting-xss-vulnerability-2?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-16-cross-site-scripting-xss-vulnerability-2?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 4.10.17 or a higher version." - } - ], - "value": "Update to 4.10.17 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Abu Hurayra (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29107.json b/2024/29xxx/CVE-2024-29107.json index ad8c9e1edc6..f6302560462 100644 --- a/2024/29xxx/CVE-2024-29107.json +++ b/2024/29xxx/CVE-2024-29107.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29107", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.12.10.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "WPVibes", - "product": { - "product_data": [ - { - "product_name": "Elementor Addon Elements", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "1.12.11", - "status": "unaffected" - } - ], - "lessThanOrEqual": "1.12.10", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-12-10-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-12-10-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 1.12.11 or a higher version." - } - ], - "value": "Update to 1.12.11 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Abu Hurayra (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29108.json b/2024/29xxx/CVE-2024-29108.json index 56ee4eb24de..35548f96a72 100644 --- a/2024/29xxx/CVE-2024-29108.json +++ b/2024/29xxx/CVE-2024-29108.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29108", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Leevio", - "product": { - "product_data": [ - { - "product_name": "Happy Addons for Elementor", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "3.10.2", - "status": "unaffected" - } - ], - "lessThanOrEqual": "3.10.1", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 3.10.2 or a higher version." - } - ], - "value": "Update to 3.10.2 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Abu Hurayra (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2193.json b/2024/2xxx/CVE-2024-2193.json index 16204523472..aa97bd5be59 100644 --- a/2024/2xxx/CVE-2024-2193.json +++ b/2024/2xxx/CVE-2024-2193.json @@ -65,6 +65,24 @@ } ] } + }, + { + "vendor_name": "Linux Kernel", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "944d5fe50f3f" + } + ] + } + } + ] + } } ] } diff --git a/2024/2xxx/CVE-2024-2495.json b/2024/2xxx/CVE-2024-2495.json index 4181dcadd61..cc275ff9e38 100644 --- a/2024/2xxx/CVE-2024-2495.json +++ b/2024/2xxx/CVE-2024-2495.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FriendlyElec", + "product": { + "product_data": [ + { + "product_name": "FriendlyWrt", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2022-11-16.51b3d35" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "HADESS" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2497.json b/2024/2xxx/CVE-2024-2497.json index d74d8e51300..ab217e64144 100644 --- a/2024/2xxx/CVE-2024-2497.json +++ b/2024/2xxx/CVE-2024-2497.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in RaspAP raspap-webgui 3.0.9 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei includes/provider.php der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments country mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RaspAP", + "product": { + "product_data": [ + { + "product_name": "raspap-webgui", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256919", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256919" + }, + { + "url": "https://vuldb.com/?ctiid.256919", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256919" + }, + { + "url": "https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4", + "refsource": "MISC", + "name": "https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "torada (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2514.json b/2024/2xxx/CVE-2024-2514.json index e97d5905bda..962eb20d160 100644 --- a/2024/2xxx/CVE-2024-2514.json +++ b/2024/2xxx/CVE-2024-2514.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2514", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256951. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /login.php. Mit der Manipulation des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256951", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256951" - }, - { - "url": "https://vuldb.com/?ctiid.256951", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256951" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20Auth%20bypass%20-%20login.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20Auth%20bypass%20-%20login.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 7.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 7.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2515.json b/2024/2xxx/CVE-2024-2515.json index 31642e7f435..5e96f583e39 100644 --- a/2024/2xxx/CVE-2024-2515.json +++ b/2024/2xxx/CVE-2024-2515.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2515", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine problematische Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei home.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256952", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256952" - }, - { - "url": "https://vuldb.com/?ctiid.256952", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256952" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20home.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20home.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2516.json b/2024/2xxx/CVE-2024-2516.json index 75d583b89de..4228fcffc99 100644 --- a/2024/2xxx/CVE-2024-2516.json +++ b/2024/2xxx/CVE-2024-2516.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2516", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei home.php. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256953", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256953" - }, - { - "url": "https://vuldb.com/?ctiid.256953", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256953" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20home.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20home.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2517.json b/2024/2xxx/CVE-2024-2517.json index 57efab3f703..feedc4b9219 100644 --- a/2024/2xxx/CVE-2024-2517.json +++ b/2024/2xxx/CVE-2024-2517.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2517", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei book_history.php. Mittels dem Manipulieren des Arguments del_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256954", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256954" - }, - { - "url": "https://vuldb.com/?ctiid.256954", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256954" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20book_history.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20book_history.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2518.json b/2024/2xxx/CVE-2024-2518.json index 0483eac6fbb..91f43ebb1e8 100644 --- a/2024/2xxx/CVE-2024-2518.json +++ b/2024/2xxx/CVE-2024-2518.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2518", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This issue affects some unknown processing of the file book_history.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256955. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine problematische Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 gefunden. Davon betroffen ist unbekannter Code der Datei book_history.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256955", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256955" - }, - { - "url": "https://vuldb.com/?ctiid.256955", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256955" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20book_history.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20book_history.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2519.json b/2024/2xxx/CVE-2024-2519.json index 6d0f9dd0fa9..062617a02a6 100644 --- a/2024/2xxx/CVE-2024-2519.json +++ b/2024/2xxx/CVE-2024-2519.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2519", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as problematic. Affected is an unknown function of the file navbar.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256956. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine problematische Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei navbar.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256956", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256956" - }, - { - "url": "https://vuldb.com/?ctiid.256956", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256956" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20navbar.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20navbar.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2520.json b/2024/2xxx/CVE-2024-2520.json index ed4e51611e4..3bfb0f9de46 100644 --- a/2024/2xxx/CVE-2024-2520.json +++ b/2024/2xxx/CVE-2024-2520.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2520", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookdate.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/bookdate.php. Durch Manipulieren des Arguments room_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256957", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256957" - }, - { - "url": "https://vuldb.com/?ctiid.256957", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256957" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20bookdate.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20bookdate.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2521.json b/2024/2xxx/CVE-2024-2521.json index b4f0a82e3e1..8e2cea54569 100644 --- a/2024/2xxx/CVE-2024-2521.json +++ b/2024/2xxx/CVE-2024-2521.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2521", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/bookdate.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine problematische Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /admin/bookdate.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256958", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256958" - }, - { - "url": "https://vuldb.com/?ctiid.256958", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256958" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20bookdate.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20bookdate.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2522.json b/2024/2xxx/CVE-2024-2522.json index 0126ac5de1f..9a1e46253cc 100644 --- a/2024/2xxx/CVE-2024-2522.json +++ b/2024/2xxx/CVE-2024-2522.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2522", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/booktime.php. Durch Beeinflussen des Arguments room_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256959", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256959" - }, - { - "url": "https://vuldb.com/?ctiid.256959", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256959" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20booktime.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20booktime.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2523.json b/2024/2xxx/CVE-2024-2523.json index 4c123e3f23d..a08f148f60c 100644 --- a/2024/2xxx/CVE-2024-2523.json +++ b/2024/2xxx/CVE-2024-2523.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2523", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This vulnerability affects unknown code of the file /admin/booktime.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/booktime.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256960", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256960" - }, - { - "url": "https://vuldb.com/?ctiid.256960", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256960" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20booktime.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20booktime.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2524.json b/2024/2xxx/CVE-2024-2524.json index 3e53eac1adc..5ce30877c13 100644 --- a/2024/2xxx/CVE-2024-2524.json +++ b/2024/2xxx/CVE-2024-2524.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2524", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/receipt.php. Dank Manipulation des Arguments room_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256961", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256961" - }, - { - "url": "https://vuldb.com/?ctiid.256961", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256961" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2525.json b/2024/2xxx/CVE-2024-2525.json index d20cb2f07ac..caf4e31a353 100644 --- a/2024/2xxx/CVE-2024-2525.json +++ b/2024/2xxx/CVE-2024-2525.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2525", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/receipt.php. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256962", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256962" - }, - { - "url": "https://vuldb.com/?ctiid.256962", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256962" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20receipt.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20receipt.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2526.json b/2024/2xxx/CVE-2024-2526.json index b2fa680bcc3..14db0a8caa2 100644 --- a/2024/2xxx/CVE-2024-2526.json +++ b/2024/2xxx/CVE-2024-2526.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2526", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/rooms.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256963", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256963" - }, - { - "url": "https://vuldb.com/?ctiid.256963", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256963" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20rooms.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20rooms.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2527.json b/2024/2xxx/CVE-2024-2527.json index 22cd8db8014..956c4abb803 100644 --- a/2024/2xxx/CVE-2024-2527.json +++ b/2024/2xxx/CVE-2024-2527.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2527", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /admin/rooms.php. Durch Manipulation des Arguments room_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256964", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256964" - }, - { - "url": "https://vuldb.com/?ctiid.256964", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256964" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2528.json b/2024/2xxx/CVE-2024-2528.json index 1b4d304aff1..cf5a5f12d76 100644 --- a/2024/2xxx/CVE-2024-2528.json +++ b/2024/2xxx/CVE-2024-2528.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2528", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/update-rooms.php. Mittels dem Manipulieren des Arguments room_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256965", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256965" - }, - { - "url": "https://vuldb.com/?ctiid.256965", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256965" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-rooms.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-rooms.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2529.json b/2024/2xxx/CVE-2024-2529.json index ce1b0eac263..7703f7ba4fa 100644 --- a/2024/2xxx/CVE-2024-2529.json +++ b/2024/2xxx/CVE-2024-2529.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2529", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/rooms.php. Mittels Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256966", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256966" - }, - { - "url": "https://vuldb.com/?ctiid.256966", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256966" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20rooms.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20rooms.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2530.json b/2024/2xxx/CVE-2024-2530.json index 07f2ecfea2e..5bc0674758e 100644 --- a/2024/2xxx/CVE-2024-2530.json +++ b/2024/2xxx/CVE-2024-2530.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2530", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/update-rooms.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /admin/update-rooms.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256967", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256967" - }, - { - "url": "https://vuldb.com/?ctiid.256967", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256967" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-rooms.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-rooms.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2531.json b/2024/2xxx/CVE-2024-2531.json index bb28e7a54e9..7214619ed25 100644 --- a/2024/2xxx/CVE-2024-2531.json +++ b/2024/2xxx/CVE-2024-2531.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2531", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/update-rooms.php. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256968", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256968" - }, - { - "url": "https://vuldb.com/?ctiid.256968", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256968" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2532.json b/2024/2xxx/CVE-2024-2532.json index 03f95806dee..6946a6a6419 100644 --- a/2024/2xxx/CVE-2024-2532.json +++ b/2024/2xxx/CVE-2024-2532.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2532", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /admin/update-users.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256969", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256969" - }, - { - "url": "https://vuldb.com/?ctiid.256969", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256969" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-users.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-users.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2533.json b/2024/2xxx/CVE-2024-2533.json index 6a79be5afa1..836ebb46a3f 100644 --- a/2024/2xxx/CVE-2024-2533.json +++ b/2024/2xxx/CVE-2024-2533.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2533", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256970 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine problematische Schwachstelle wurde in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /admin/update-users.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256970", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256970" - }, - { - "url": "https://vuldb.com/?ctiid.256970", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256970" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-users.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-users.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2534.json b/2024/2xxx/CVE-2024-2534.json index 7122abf5720..685c87aceeb 100644 --- a/2024/2xxx/CVE-2024-2534.json +++ b/2024/2xxx/CVE-2024-2534.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2534", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/users.php. Dank der Manipulation des Arguments user_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256971", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256971" - }, - { - "url": "https://vuldb.com/?ctiid.256971", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256971" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2535.json b/2024/2xxx/CVE-2024-2535.json index 8253c76f7ab..4459ddd21ed 100644 --- a/2024/2xxx/CVE-2024-2535.json +++ b/2024/2xxx/CVE-2024-2535.json @@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2535", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/users.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MAGESH-K21", - "product": { - "product_data": [ - { - "product_name": "Online-College-Event-Hall-Reservation-System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256972", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256972" - }, - { - "url": "https://vuldb.com/?ctiid.256972", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256972" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20users.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20users.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 3.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 3.5, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }