diff --git a/2020/14xxx/CVE-2020-14016.json b/2020/14xxx/CVE-2020-14016.json index 97056fcde2a..f0539f8bd4d 100644 --- a/2020/14xxx/CVE-2020-14016.json +++ b/2020/14xxx/CVE-2020-14016.json @@ -56,6 +56,11 @@ "url": "https://blog.sean-wright.com/navigate-cms/", "refsource": "MISC", "name": "https://blog.sean-wright.com/navigate-cms/" + }, + { + "refsource": "MISC", + "name": "https://cwe.mitre.org/data/definitions/204.html", + "url": "https://cwe.mitre.org/data/definitions/204.html" } ] } diff --git a/2022/30xxx/CVE-2022-30332.json b/2022/30xxx/CVE-2022-30332.json index db2cb11bb4b..819c6ab1dc5 100644 --- a/2022/30xxx/CVE-2022-30332.json +++ b/2022/30xxx/CVE-2022-30332.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://cwe.mitre.org/data/definitions/204.html", + "url": "https://cwe.mitre.org/data/definitions/204.html" + }, { "url": "https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw", "refsource": "MISC", diff --git a/2024/34xxx/CVE-2024-34055.json b/2024/34xxx/CVE-2024-34055.json index 701f84f42ef..57241b48062 100644 --- a/2024/34xxx/CVE-2024-34055.json +++ b/2024/34xxx/CVE-2024-34055.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489", + "url": "https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489" + }, + { + "refsource": "MISC", + "name": "https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html", + "url": "https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html" + }, + { + "refsource": "MISC", + "name": "https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html", + "url": "https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html" } ] } diff --git a/2024/5xxx/CVE-2024-5149.json b/2024/5xxx/CVE-2024-5149.json index a41790a4a7d..e0ae1078cae 100644 --- a/2024/5xxx/CVE-2024-5149.json +++ b/2024/5xxx/CVE-2024-5149.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330 Use of Insufficiently Random Values" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "svenl77", + "product": { + "product_data": [ + { + "product_name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/buddyforms/tags/2.8.9/includes/wp-insert-user.php#L334", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/buddyforms/tags/2.8.9/includes/wp-insert-user.php#L334" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/5xxx/CVE-2024-5262.json b/2024/5xxx/CVE-2024-5262.json index c27bdd83596..71f6d76ff2e 100644 --- a/2024/5xxx/CVE-2024-5262.json +++ b/2024/5xxx/CVE-2024-5262.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ART@zuso.ai", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552 Files or Directories Accessible to External Parties", + "cweId": "CWE-552" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ProjectDiscovery", + "product": { + "product_data": [ + { + "product_name": "Interactsh", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "v1.1.9", + "status": "affected", + "version": "v0.0.6", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://zuso.ai/advisory/za-2024-01", + "refsource": "MISC", + "name": "https://zuso.ai/advisory/za-2024-01" + }, + { + "url": "https://github.com/projectdiscovery/interactsh/pull/874", + "refsource": "MISC", + "name": "https://github.com/projectdiscovery/interactsh/pull/874" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "defect": [ + "ZA-2024-01" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file