admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-09 20:00:57 +00:00
parent 8dd92bfbb0
commit 36a466dc7a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
45 changed files with 3130 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/36xxx/CVE-2023-36361.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/Cameleon037/40b3b6f6729d1d0984d6ce5b6837c46b",
"url": "https://gist.github.com/Cameleon037/40b3b6f6729d1d0984d6ce5b6837c46b"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-36361",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-36361"
}
]
}

5
2023/45xxx/CVE-2023-45911.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/auth_bypass.txt",
"refsource": "MISC",
"name": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/auth_bypass.txt"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45911",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45911"
}
]
}

5
2023/45xxx/CVE-2023-45912.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt",
"refsource": "MISC",
"name": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45912",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45912"
}
]
}

76
2024/10xxx/CVE-2024-10215.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Iqonic Design",
"product": {
"product_data": [
{
"product_name": "WPBookit",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.6.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve"
},
{
"url": "https://documentation.iqonic.design/wpbookit/versions/change-log",
"refsource": "MISC",
"name": "https://documentation.iqonic.design/wpbookit/versions/change-log"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}

81
2024/13xxx/CVE-2024-13255.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-202 Exposure of Sensitive Information Through Data Queries",
"cweId": "CWE-202"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "RESTful Web Services",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.x-2.0",
"version_value": "7.x-2.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-019",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-019"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Fran Garcia-Linares"
},
{
"lang": "en",
"value": "Neil Drumm"
},
{
"lang": "en",
"value": "Fran Garcia-Linares"
},
{
"lang": "en",
"value": "Neil Drumm"
}
]
}

101
2024/13xxx/CVE-2024-13256.json
View File

@ -1,18 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1220 Insufficient Granularity of Access Control",
"cweId": "CWE-1220"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Email Contact",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "2.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-020",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-020"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Claudiu Cristea"
},
{
"lang": "en",
"value": "Claudiu Cristea"
},
{
"lang": "en",
"value": "B\u00e1lint Nagy"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "xjm"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "xjm"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

97
2024/13xxx/CVE-2024-13257.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Commerce View Receipt",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-021",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-021"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Norman K\u00e4mper-Leymann"
},
{
"lang": "en",
"value": "Norman K\u00e4mper-Leymann"
},
{
"lang": "en",
"value": "Greg Mack"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "xjm"
}
]
}

101
2024/13xxx/CVE-2024-13258.json
View File

@ -1,18 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal REST & JSON API Authentication",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "2.0.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-022",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-022"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Arek Suchecki"
},
{
"lang": "en",
"value": "solideogloria"
},
{
"lang": "en",
"value": "Shashank Thigale"
},
{
"lang": "en",
"value": "Arek Suchecki"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "David Rothstein"
},
{
"lang": "en",
"value": "Michael Hess"
}
]
}

93
2024/13xxx/CVE-2024-13259.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"cweId": "CWE-201"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Image Sizes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "3.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-023",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-023"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Dezs\u00c5\u0091 Bicz\u00c3\u00b3"
},
{
"lang": "en",
"value": "Dezs\u00c5\u0091 Bicz\u00c3\u00b3"
},
{
"lang": "en",
"value": "Pascal Crott"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Neil Drumm"
},
{
"lang": "en",
"value": "Michael Hess"
}
]
}

89
2024/13xxx/CVE-2024-13260.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Migrate queue importer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "2.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-024",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Pierre Rudloff"
},
{
"lang": "en",
"value": "David B\u00e4tge"
},
{
"lang": "en",
"value": "Pierre Rudloff"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Michael Hess"
}
]
}

98
2024/13xxx/CVE-2024-13261.json
View File

@ -1,18 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Acquia DAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.0.13"
},
{
"version_affected": "<",
"version_name": "1.1.0",
"version_value": "1.1.0-beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-025",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-025"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Matt Glaman"
},
{
"lang": "en",
"value": "Matt Glaman"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Bal\u00e1zs Ertl-Bakos"
},
{
"lang": "en",
"value": "Jakob Perry"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "xjm"
}
]
}

85
2024/13xxx/CVE-2024-13262.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "View Password",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "6.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-026",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-026"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Ide Braakman"
},
{
"lang": "en",
"value": "Ana Colautti"
},
{
"lang": "en",
"value": "Ide Braakman"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

85
2024/13xxx/CVE-2024-13263.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
"cweId": "CWE-96"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Opigno group manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "3.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-027",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-027"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Marcin Grabias"
},
{
"lang": "en",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Benji Fisher"
}
]
}

97
2024/13xxx/CVE-2024-13264.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
"cweId": "CWE-96"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Opigno module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "3.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-028",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-028"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Marcin Grabias"
},
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"value": "Axel Minck"
},
{
"lang": "en",
"value": "Yuriy Korzhov"
},
{
"lang": "en",
"value": "Andrii Aleksandrov"
},
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Greg Knaddison"
}
]
}

93
2024/13xxx/CVE-2024-13265.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
"cweId": "CWE-96"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Opigno Learning path",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "3.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-029",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-029"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Marcin Grabias"
},
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Axel Minck"
},
{
"lang": "en",
"value": "Yuriy Korzhov"
},
{
"lang": "en",
"value": "Andrii Aleksandrov"
},
{
"lang": "en",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"value": "Greg Knaddison"
}
]
}

85
2024/13xxx/CVE-2024-13266.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Responsive and off-canvas menu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "4.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-030",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-030"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "collinhaines"
},
{
"lang": "en",
"value": "Stephen Cox"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Drew Webber"
}
]
}

97
2024/13xxx/CVE-2024-13267.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
"cweId": "CWE-96"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Opigno TinCan Question Type",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.x-1.0",
"version_value": "7.x-1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-031",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-031"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Marcin Grabias"
},
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Axel Minck"
},
{
"lang": "en",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

89
2024/13xxx/CVE-2024-13268.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
"cweId": "CWE-96"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Opigno",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.x-1.0",
"version_value": "7.x-1.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-032",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-032"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"value": "Marcin Grabias"
},
{
"lang": "en",
"value": "catch"
},
{
"lang": "en",
"value": "Yurii Boichenko"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

81
2024/13xxx/CVE-2024-13269.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13269",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"cweId": "CWE-201"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Advanced Varnish",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "4.0.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-033",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-033"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Heine Deelstra"
},
{
"lang": "en",
"value": "Heine Deelstra"
},
{
"lang": "en",
"value": "Alexander Shumenko"
},
{
"lang": "en",
"value": "Greg Knaddison"
}
]
}

89
2024/13xxx/CVE-2024-13270.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Freelinking",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "4.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-034",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-034"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Matthew Radcliffe"
},
{
"lang": "en",
"value": "Matthew Radcliffe"
},
{
"lang": "en",
"value": "Gisle Hannemyr"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Damien McKenna"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

85
2024/13xxx/CVE-2024-13271.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Content Entity Clone",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-035",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-035"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Vojislav Jovanovic"
},
{
"lang": "en",
"value": "orakili"
},
{
"lang": "en",
"value": "Vojislav Jovanovic"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

102
2024/13xxx/CVE-2024-13272.json
View File

@ -1,18 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1220 Insufficient Granularity of Access Control",
"cweId": "CWE-1220"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Paragraphs table",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.23.0"
},
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-036",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-036"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "James Williams"
},
{
"lang": "en",
"value": "James Williams"
},
{
"lang": "en",
"value": "NGUYEN Bao"
},
{
"lang": "en",
"value": "Steven Jones"
},
{
"lang": "en",
"value": "Joseph Olstad"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Jess"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

90
2024/13xxx/CVE-2024-13273.json
View File

@ -1,18 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Open Social",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "12.3.8"
},
{
"version_affected": "<",
"version_name": "12.4.0",
"version_value": "12.4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-037",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-037"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Thiago R\u00e9gis"
},
{
"lang": "en",
"value": "Thiago R\u00e9gis"
},
{
"lang": "en",
"value": "Ronald te Brake"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

94
2024/13xxx/CVE-2024-13274.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799 Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Open Social",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "12.3.8"
},
{
"version_affected": "<",
"version_name": "12.4.0",
"version_value": "12.4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-038",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-038"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "vnech"
},
{
"lang": "en",
"value": "Ronald te Brake"
},
{
"lang": "en",
"value": "vnech"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Heine Deelstra"
}
]
}

89
2024/13xxx/CVE-2024-13275.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Security Kit",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-039",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-039"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "_b0lli"
},
{
"lang": "en",
"value": "jweowu"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Drew Webber"
},
{
"lang": "en",
"value": "Heine Deelstra"
}
]
}

89
2024/13xxx/CVE-2024-13276.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"cweId": "CWE-201"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "File Entity (fieldable files)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.x-*",
"version_value": "7.x-2.39"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-040",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-040"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Devin Zuczek"
},
{
"lang": "en",
"value": "Devin Zuczek"
},
{
"lang": "en",
"value": "Joseph Olstad"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Damien McKenna"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

85
2024/13xxx/CVE-2024-13277.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13277",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Smart IP Ban",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.x-1.0",
"version_value": "7.x-1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-041",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-041"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Shawn Gants"
},
{
"lang": "en",
"value": "Sivaji Ganesh Jojodae"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Damien McKenna"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

89
2024/13xxx/CVE-2024-13278.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Diff",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-042",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-042"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Matthias Vogel"
},
{
"lang": "en",
"value": "Matthias Vogel"
},
{
"lang": "en",
"value": "Lucas Hedding"
},
{
"lang": "en",
"value": "Adam Bramley"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

89
2024/13xxx/CVE-2024-13279.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Two-factor Authentication (TFA)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-043",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-043"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Francesco Placella"
},
{
"lang": "en",
"value": "Francesco Placella"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Conrad Lara"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

90
2024/13xxx/CVE-2024-13280.json
View File

@ -1,18 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Persistent Login",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "1.8.0"
},
{
"version_affected": "<",
"version_name": "2.0.*",
"version_value": "2.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-044",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-044"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Geoff Appleby"
},
{
"lang": "en",
"value": "Geoff Appleby"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Drew Webber"
}
]
}

89
2024/13xxx/CVE-2024-13281.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Monster Menus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "9.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-045",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-045"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Dan Wilga"
},
{
"lang": "en",
"value": "Dan Wilga"
},
{
"lang": "en",
"value": "Ian McBride"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
},
{
"lang": "en",
"value": "Damien McKenna"
}
]
}

85
2024/13xxx/CVE-2024-13282.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Block permissions",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-046",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-046"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Francesco Sardara"
},
{
"lang": "en",
"value": "Francesco Sardara"
},
{
"lang": "en",
"value": "Evgenii Nikitin"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

93
2024/13xxx/CVE-2024-13283.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Facets",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "2.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-047",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-047"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Andrea Racco"
},
{
"lang": "en",
"value": "Andrea Racco"
},
{
"lang": "en",
"value": "Markus Kalkbrenner"
},
{
"lang": "en",
"value": "Joris Vercammen"
},
{
"lang": "en",
"value": "Jimmy Henderickx"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

110
2024/13xxx/CVE-2024-13284.json
View File

@ -1,18 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@drupal.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Gutenberg",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "2.13.0"
},
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.drupal.org/sa-contrib-2024-048",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2024-048"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Mingsong"
},
{
"lang": "en",
"value": "Mingsong"
},
{
"lang": "en",
"value": "Lee Rowlands"
},
{
"lang": "en",
"value": "Eirik Morland"
},
{
"lang": "en",
"value": "Stephan Zeidler"
},
{
"lang": "en",
"value": "Cathy Theys"
},
{
"lang": "en",
"value": "codebymikey"
},
{
"lang": "en",
"value": "Marco Fernandes"
},
{
"lang": "en",
"value": "Greg Knaddison"
},
{
"lang": "en",
"value": "Juraj Nemec"
}
]
}

56
2024/46xxx/CVE-2024-46505.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://jayaramyalla.medium.com/bloxone-business-logic-flaw-due-to-thick-client-vulnerabilities-cve-2024-46505-04a4f1966f4b",
"url": "https://jayaramyalla.medium.com/bloxone-business-logic-flaw-due-to-thick-client-vulnerabilities-cve-2024-46505-04a4f1966f4b"
}
]
}

5
2024/51xxx/CVE-2024-51162.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://en.web-audimex.com/ee-auditmanagement",
"url": "https://en.web-audimex.com/ee-auditmanagement"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-51162",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-51162"
}
]
}

5
2024/51xxx/CVE-2024-51163.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/rahulkadavil/CVEs/tree/main/CVE-2024-51163",
"url": "https://github.com/rahulkadavil/CVEs/tree/main/CVE-2024-51163"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-51163",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-51163"
}
]
}

61
2024/54xxx/CVE-2024-54724.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-54724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://phpyun.com",
"refsource": "MISC",
"name": "http://phpyun.com"
},
{
"refsource": "MISC",
"name": "https://github.com/la12138la/detail/blob/main/1.md",
"url": "https://github.com/la12138la/detail/blob/main/1.md"
}
]
}

56
2024/54xxx/CVE-2024-54761.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-54761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nscan9/BigAnt-Office-Messenger-5.6.06-RCE-via-SQL-Injection/",
"refsource": "MISC",
"name": "https://github.com/nscan9/BigAnt-Office-Messenger-5.6.06-RCE-via-SQL-Injection/"
}
]
}

61
2024/54xxx/CVE-2024-54762.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-54762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi/",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi/"
},
{
"refsource": "MISC",
"name": "https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8",
"url": "https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8"
}
]
}

61
2024/54xxx/CVE-2024-54887.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-54887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://tp-link.com",
"refsource": "MISC",
"name": "http://tp-link.com"
},
{
"refsource": "MISC",
"name": "https://github.com/JBince/vulnerability-research/tree/main/CVE-2024-54887",
"url": "https://github.com/JBince/vulnerability-research/tree/main/CVE-2024-54887"
}
]
}

56
2024/55xxx/CVE-2024-55494.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/hassan-mohammed/security-findings/tree/main/CVEs/CVE-2024-55494",
"url": "https://github.com/hassan-mohammed/security-findings/tree/main/CVEs/CVE-2024-55494"
}
]
}

61
2024/56xxx/CVE-2024-56113.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-56113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://smarttoilet.pratt.duke.edu",
"refsource": "MISC",
"name": "https://smarttoilet.pratt.duke.edu"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56113",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56113"
}
]
}

61
2024/56xxx/CVE-2024-56114.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-56114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.e-connectsolutions.com",
"refsource": "MISC",
"name": "https://www.e-connectsolutions.com"
},
{
"refsource": "MISC",
"name": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114"
}
]
}

18
2025/0xxx/CVE-2025-0367.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0367",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}