admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-12 15:00:36 +00:00
parent 00fa74ec92
commit 3b6ce3d500
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
19 changed files with 1020 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2024/29xxx/CVE-2024-29181.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "strapi",
"product": {
"product_data": [
{
"product_name": "strapi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.19.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m"
},
{
"url": "https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6"
}
]
},
"source": {
"advisory": "GHSA-6j89-frxc-q26m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

81
2024/31xxx/CVE-2024-31217.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception",
"cweId": "CWE-248"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "strapi",
"product": {
"product_data": [
{
"product_name": "strapi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.22.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm"
},
{
"url": "https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7"
}
]
},
"source": {
"advisory": "GHSA-pm9q-xj9p-96pm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

85
2024/34xxx/CVE-2024-34065.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay",
"cweId": "CWE-294"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "strapi",
"product": {
"product_data": [
{
"product_name": "strapi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.24.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc"
}
]
},
"source": {
"advisory": "GHSA-wrvh-rcmr-9qfc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

2
2024/34xxx/CVE-2024-34467.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request."
"value": "ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl."
}
]
},

78
2024/36xxx/CVE-2024-36263.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.\n\nThis issue affects Apache Submarine Server Core: all versions.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Submarine Server Core",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/submarine/pull/1121",
"refsource": "MISC",
"name": "https://github.com/apache/submarine/pull/1121"
},
{
"url": "https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "BaoChengZhang of LengJingQiCaiSecurityLab"
},
{
"lang": "en",
"value": "L0ne1y"
}
]
}

81
2024/36xxx/CVE-2024-36264.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.\n\nThis issue affects Apache Submarine Commons Utils: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Submarine Commons Utils",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.8.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/submarine/pull/1125",
"refsource": "MISC",
"name": "https://github.com/apache/submarine/pull/1125"
},
{
"url": "https://lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"SUBMARINE-1417"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
},
{
"lang": "en",
"value": "L0ne1y"
}
]
}

69
2024/36xxx/CVE-2024-36265.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.\n\nThis issue affects Apache Submarine Server Core: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Submarine Server Core",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.8.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "L0ne1y"
}
]
}

81
2024/36xxx/CVE-2024-36840.json
View File

@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36840",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/",
"refsource": "MISC",
"name": "https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/"
},
{
"url": "https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US"
},
{
"refsource": "FULLDISC",
"name": "20240609 SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)",
"url": "http://seclists.org/fulldisclosure/2024/Jun/0"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html",
"url": "https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "https://sploitus.com/exploit?id=PACKETSTORM:178978",
"url": "https://sploitus.com/exploit?id=PACKETSTORM:178978"
},
{
"refsource": "MISC",
"name": "https://vuldb.com/?id.267594",
"url": "https://vuldb.com/?id.267594"
}
]
}

86
2024/37xxx/CVE-2024-37304.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NuGet",
"product": {
"product_data": [
{
"product_name": "NuGetGallery",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2024.05.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-gwjh-c548-f787",
"refsource": "MISC",
"name": "https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-gwjh-c548-f787"
},
{
"url": "https://github.com/NuGet/NuGetGallery/pull/9836",
"refsource": "MISC",
"name": "https://github.com/NuGet/NuGetGallery/pull/9836"
},
{
"url": "https://github.com/NuGet/NuGetGallery/commit/c52b023659f4ad7b626874c1063f2b5e878a4fe0",
"refsource": "MISC",
"name": "https://github.com/NuGet/NuGetGallery/commit/c52b023659f4ad7b626874c1063f2b5e878a4fe0"
}
]
},
"source": {
"advisory": "GHSA-gwjh-c548-f787",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

18
2024/38xxx/CVE-2024-38273.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38274.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38275.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38276.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38277.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38277",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38278.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

100
2024/5xxx/CVE-2024-5893.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268137 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SourceCodester Cab Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /cms/classes/Users.php?f=delete_client. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Cab Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268137",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268137"
},
{
"url": "https://vuldb.com/?ctiid.268137",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268137"
},
{
"url": "https://vuldb.com/?submit.354910",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.354910"
},
{
"url": "https://github.com/Hefei-Coffee/cve/blob/main/sql9.md",
"refsource": "MISC",
"name": "https://github.com/Hefei-Coffee/cve/blob/main/sql9.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Hefei-Coffee (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/5xxx/CVE-2024-5894.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268138 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Online Eyewear Shop 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei manage_product.php. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Eyewear Shop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268138",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268138"
},
{
"url": "https://vuldb.com/?ctiid.268138",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268138"
},
{
"url": "https://vuldb.com/?submit.354912",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.354912"
},
{
"url": "https://github.com/Hefei-Coffee/cve/blob/main/sql10.md",
"refsource": "MISC",
"name": "https://github.com/Hefei-Coffee/cve/blob/main/sql10.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Hefei-Coffee (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/5xxx/CVE-2024-5895.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268139."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion delete_users der Datei /classes/Users.php?f=delete. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Employee and Visitor Gate Pass Logging System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268139",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268139"
},
{
"url": "https://vuldb.com/?ctiid.268139",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268139"
},
{
"url": "https://vuldb.com/?submit.354915",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.354915"
},
{
"url": "https://github.com/Hefei-Coffee/cve/blob/main/sql11.md",
"refsource": "MISC",
"name": "https://github.com/Hefei-Coffee/cve/blob/main/sql11.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Hefei-Coffee (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/5xxx/CVE-2024-5904.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}