diff --git a/2024/22xxx/CVE-2024-22005.json b/2024/22xxx/CVE-2024-22005.json
index 23c91992b86..afbe25bb566 100644
--- a/2024/22xxx/CVE-2024-22005.json
+++ b/2024/22xxx/CVE-2024-22005.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In TBD of TBD, there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22006.json b/2024/22xxx/CVE-2024-22006.json
index 3067f0b262c..bcfae548697 100644
--- a/2024/22xxx/CVE-2024-22006.json
+++ b/2024/22xxx/CVE-2024-22006.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Android kernel allows Information disclosure."
+ "value": "OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22007.json b/2024/22xxx/CVE-2024-22007.json
index 775a65284e1..b1e710e191d 100644
--- a/2024/22xxx/CVE-2024-22007.json
+++ b/2024/22xxx/CVE-2024-22007.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22008.json b/2024/22xxx/CVE-2024-22008.json
index a44fef5e78c..b175424d44c 100644
--- a/2024/22xxx/CVE-2024-22008.json
+++ b/2024/22xxx/CVE-2024-22008.json
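Review bot: The new `value` in the CVE-2024-22005 description hunk opens with a lowercase fragment, `"there is a possible Authentication Bypass…"`, because the `In TBD of TBD,` placeholder was stripped rather than filled in, so the record no longer names any function or component. The same stripped form appears in the CVE-2024-27205, -27206, -27208 and -27209 hunks, and a half-stripped variant leaves a dangling `of ,` in CVE-2024-22009, -25993, -27212, -27218, -27220 and -27221 (for example `"In init_data of , there is…"`). Someone triaging from this text cannot tell which code is affected. If the component is not yet known, a grammatical form such as `"In init_data, there is a possible out of bounds write…"` or an explicit statement that the component is undisclosed would read better than an empty slot.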
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22009.json b/2024/22xxx/CVE-2024-22009.json
index e5b4e8fcc23..6ef3b2de590 100644
--- a/2024/22xxx/CVE-2024-22009.json
+++ b/2024/22xxx/CVE-2024-22009.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In init_data of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22010.json b/2024/22xxx/CVE-2024-22010.json
index 4298d4cfbaa..1e7490d2ac4 100644
--- a/2024/22xxx/CVE-2024-22010.json
+++ b/2024/22xxx/CVE-2024-22010.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22011.json b/2024/22xxx/CVE-2024-22011.json
index ba8e9dbe784..7a915d7e7d7 100644
--- a/2024/22xxx/CVE-2024-22011.json
+++ b/2024/22xxx/CVE-2024-22011.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25984.json b/2024/25xxx/CVE-2024-25984.json
index e43a7ce8cf0..c755ff5b13c 100644
--- a/2024/25xxx/CVE-2024-25984.json
+++ b/2024/25xxx/CVE-2024-25984.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25985.json b/2024/25xxx/CVE-2024-25985.json
index 12b9675a0cc..6cf14df7696 100644
--- a/2024/25xxx/CVE-2024-25985.json
+++ b/2024/25xxx/CVE-2024-25985.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25986.json b/2024/25xxx/CVE-2024-25986.json
index 7034db375f6..e15e87222a5 100644
--- a/2024/25xxx/CVE-2024-25986.json
+++ b/2024/25xxx/CVE-2024-25986.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25987.json b/2024/25xxx/CVE-2024-25987.json
index 8fc7d558bcd..3c098bcc5d1 100644
--- a/2024/25xxx/CVE-2024-25987.json
+++ b/2024/25xxx/CVE-2024-25987.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25988.json b/2024/25xxx/CVE-2024-25988.json
index 7cd30273eb3..bff9e1bba48 100644
--- a/2024/25xxx/CVE-2024-25988.json
+++ b/2024/25xxx/CVE-2024-25988.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25989.json b/2024/25xxx/CVE-2024-25989.json
index 49331ba53e1..2cd0c748d77 100644
--- a/2024/25xxx/CVE-2024-25989.json
+++ b/2024/25xxx/CVE-2024-25989.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25990.json b/2024/25xxx/CVE-2024-25990.json
index 1c4e673c0e6..5a10a32474c 100644
--- a/2024/25xxx/CVE-2024-25990.json
+++ b/2024/25xxx/CVE-2024-25990.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25991.json b/2024/25xxx/CVE-2024-25991.json
index 0f8e89e2b77..886635a6202 100644
--- a/2024/25xxx/CVE-2024-25991.json
+++ b/2024/25xxx/CVE-2024-25991.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25992.json b/2024/25xxx/CVE-2024-25992.json
index e8689ddf2aa..5a0707d5c68 100644
--- a/2024/25xxx/CVE-2024-25992.json
+++ b/2024/25xxx/CVE-2024-25992.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25993.json b/2024/25xxx/CVE-2024-25993.json
index 97a35000e24..a097887bc5f 100644
--- a/2024/25xxx/CVE-2024-25993.json
+++ b/2024/25xxx/CVE-2024-25993.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In tmu_reset_tmu_trip_counter of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26163.json b/2024/26xxx/CVE-2024-26163.json
index 184ce4a107f..c74c0309509 100644
--- a/2024/26xxx/CVE-2024-26163.json
+++ b/2024/26xxx/CVE-2024-26163.json
@@ -45,6 +45,18 @@
 }
 ]
 }
+ },
+ {
+ "product_name": "Microsoft Edge (Chromium-based) Extended Stable",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "122.0.2365.92"
+ }
+ ]
+ }
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27195.json b/2024/27xxx/CVE-2024-27195.json
index db1f82d97ab..d1b59373ca2 100644
--- a/2024/27xxx/CVE-2024-27195.json
+++ b/2024/27xxx/CVE-2024-27195.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5.\n\n"
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED.This issue affects Watermark RELOADED: from n/a through 1.3.5.\n\n"
 }
 ]
 },
diff --git a/2024/27xxx/CVE-2024-27204.json b/2024/27xxx/CVE-2024-27204.json
index 2b5dd69bd3e..eba2fc40ee2 100644
--- a/2024/27xxx/CVE-2024-27204.json
+++ b/2024/27xxx/CVE-2024-27204.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27205.json b/2024/27xxx/CVE-2024-27205.json
index ca4419f1715..5514e139d03 100644
--- a/2024/27xxx/CVE-2024-27205.json
+++ b/2024/27xxx/CVE-2024-27205.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In tbd of tbd, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27206.json b/2024/27xxx/CVE-2024-27206.json
index 39af85d1ff7..9bd07dfe248 100644
--- a/2024/27xxx/CVE-2024-27206.json
+++ b/2024/27xxx/CVE-2024-27206.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In tbd of tbd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27207.json b/2024/27xxx/CVE-2024-27207.json
index 1b55783d378..b95291ceb41 100644
--- a/2024/27xxx/CVE-2024-27207.json
+++ b/2024/27xxx/CVE-2024-27207.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Android kernel allows Elevation of privilege."
+ "value": "Exported broadcast receivers allowing malicious apps to bypass broadcast protection."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27208.json b/2024/27xxx/CVE-2024-27208.json
index 0eed2504e92..2eedfa0d107 100644
--- a/2024/27xxx/CVE-2024-27208.json
+++ b/2024/27xxx/CVE-2024-27208.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27209.json b/2024/27xxx/CVE-2024-27209.json
index 6b749762ec0..13133751613 100644
--- a/2024/27xxx/CVE-2024-27209.json
+++ b/2024/27xxx/CVE-2024-27209.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27210.json b/2024/27xxx/CVE-2024-27210.json
index 8617b92399e..d3f2c9c59ad 100644
--- a/2024/27xxx/CVE-2024-27210.json
+++ b/2024/27xxx/CVE-2024-27210.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27211.json b/2024/27xxx/CVE-2024-27211.json
index fa3effb1225..a1df1416aae 100644
--- a/2024/27xxx/CVE-2024-27211.json
+++ b/2024/27xxx/CVE-2024-27211.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27212.json b/2024/27xxx/CVE-2024-27212.json
index 64cf26b6252..a1f9dcfadab 100644
--- a/2024/27xxx/CVE-2024-27212.json
+++ b/2024/27xxx/CVE-2024-27212.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In init_data of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27213.json b/2024/27xxx/CVE-2024-27213.json
index 37cf8c95f4f..da6159594c8 100644
--- a/2024/27xxx/CVE-2024-27213.json
+++ b/2024/27xxx/CVE-2024-27213.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27218.json b/2024/27xxx/CVE-2024-27218.json
index 688721a06d0..530028ce1aa 100644
--- a/2024/27xxx/CVE-2024-27218.json
+++ b/2024/27xxx/CVE-2024-27218.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In update_freq_data of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27219.json b/2024/27xxx/CVE-2024-27219.json
index 8396b24e00d..c67d232269c 100644
--- a/2024/27xxx/CVE-2024-27219.json
+++ b/2024/27xxx/CVE-2024-27219.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27220.json b/2024/27xxx/CVE-2024-27220.json
index 8c22cef46be..689e77705aa 100644
--- a/2024/27xxx/CVE-2024-27220.json
+++ b/2024/27xxx/CVE-2024-27220.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In lpm_req_handler of TBD, there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27221.json b/2024/27xxx/CVE-2024-27221.json
index 844108ef20d..cd019374428 100644
--- a/2024/27xxx/CVE-2024-27221.json
+++ b/2024/27xxx/CVE-2024-27221.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In update_policy_data of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27222.json b/2024/27xxx/CVE-2024-27222.json
index f10edd94bfd..a17315b6dde 100644
--- a/2024/27xxx/CVE-2024-27222.json
+++ b/2024/27xxx/CVE-2024-27222.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27223.json b/2024/27xxx/CVE-2024-27223.json
index 9102c92756c..e64e3012f18 100644
--- a/2024/27xxx/CVE-2024-27223.json
+++ b/2024/27xxx/CVE-2024-27223.json
@@ -40,7 +40,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "Android kernel"
+ "version_value": "13"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28851.json b/2024/28xxx/CVE-2024-28851.json
index af4bafd1e00..5c0c5a8582f 100644
--- a/2024/28xxx/CVE-2024-28851.json
+++ b/2024/28xxx/CVE-2024-28851.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28851",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "snowflakedb",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "snowflake-hive-metastore-connector",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< dfbf87dff4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x",
+ "refsource": "MISC",
+ "name": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca",
+ "refsource": "MISC",
+ "name": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh",
+ "refsource": "MISC",
+ "name": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-r68p-g2x9-mq7x",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
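Review bot: The new `affects` entry pairs `"version_affected": "="` with `"version_value": "< dfbf87dff4"`, so the range operator sits inside the value string and a consumer that honours `version_affected` would treat this as an exact match on a literal that no build reports. The description adds that the fix landed without a version bump, which suggests a version-based scanner cannot separate fixed from unfixed copies at all; the dependable check is whether the deployed helper script matches the referenced commit. The CVE-2024-28854 hunk uses the same encoding with `"< 0.10.0"`. Where the format allows it, writing the bound as `"version_affected": "<"` with the bare version or commit in `version_value`, as the CVE-2024-26163 hunk does, keeps the record machine-matchable.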
diff --git a/2024/28xxx/CVE-2024-28854.json b/2024/28xxx/CVE-2024-28854.json
index 12cd2714df6..485f287bbf1 100644
--- a/2024/28xxx/CVE-2024-28854.json
+++ b/2024/28xxx/CVE-2024-28854.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28854",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade.
Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "tmccombs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tls-listener",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 0.10.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7",
+ "refsource": "MISC",
+ "name": "https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7"
+ },
+ {
+ "url": "https://github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4",
+ "refsource": "MISC",
+ "name": "https://github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4"
+ },
+ {
+ "url": "https://en.wikipedia.org/wiki/Slowloris_(computer_security)",
+ "refsource": "MISC",
+ "name": "https://en.wikipedia.org/wiki/Slowloris_(computer_security)"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2qph-qpvm-2qf7",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2478.json b/2024/2xxx/CVE-2024-2478.json
index f3f2b4e7e9f..7fc64fc6ab2 100644
--- a/2024/2xxx/CVE-2024-2478.json
+++ b/2024/2xxx/CVE-2024-2478.json
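Review bot: The workaround in the new CVE-2024-28854 description, passing `usize::MAX` to `Builder::max_handshakes`, lifts the cap on concurrent pending handshakes rather than tightening anything, and the text does not mention that trade-off. Stalled connections would then no longer block new ones, but each presumably stays open until whatever handshake timeout applies, so under load the cost moves to file descriptors and memory. Operators reading only this record would benefit from a closing sentence such as `Pair this with a short handshake timeout or an upstream connection limit.`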
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2478",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine kritische Schwachstelle wurde in BradWenqiang HR 2.0 ausgemacht. Es geht hierbei um die Funktion selectAll der Datei /bishe/register der Komponente Background Management. Durch die Manipulation des Arguments userName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-89 SQL Injection",
- "cweId": "CWE-89"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "BradWenqiang",
- "product": {
- "product_data": [
- {
- "product_name": "HR",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "2.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256886",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256886"
- },
- {
- "url": "https://vuldb.com/?ctiid.256886",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256886"
- },
- {
- "url": "https://github.com/zuizui35/cve/blob/main/cve.md",
- "refsource": "MISC",
- "name": "https://github.com/zuizui35/cve/blob/main/cve.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "zuizui (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 6.5,
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2479.json b/2024/2xxx/CVE-2024-2479.json
index 9d35a9a33c2..a3d058bec1b 100644
--- a/2024/2xxx/CVE-2024-2479.json
+++ b/2024/2xxx/CVE-2024-2479.json
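Review bot: Reverting CVE-2024-2478 from `"STATE": "PUBLIC"` to `"STATE": "RESERVED"` discards an already-published description, CWE-89 classification, references and CVSS data with no stated reason, which looks more like a sync artefact than an intended withdrawal. The CVE-2024-2479 and CVE-2024-2480 hunks do the same, each also swapping the assigner from `cna@vuldb.com` to `cve@mitre.org`. The removed text said the exploits were publicly disclosed, so feeds that mirror these files would lose the advisory detail for issues that remain known. This is worth confirming with the assigning CNA before it propagates; if the rollback is deliberate, the record should carry an explicit rejection or dispute note rather than the reserved boilerplate.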
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2479",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Es wurde eine Schwachstelle in MHA Sistemas arMHAzena 9.6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Komponente Cadastro Page. Durch Manipulation des Arguments Query mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Cross Site Scripting",
- "cweId": "CWE-79"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "MHA Sistemas",
- "product": {
- "product_data": [
- {
- "product_name": "arMHAzena",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "9.6.0.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256887",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256887"
- },
- {
- "url": "https://vuldb.com/?ctiid.256887",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256887"
- },
- {
- "url": "https://johnermac.github.io/cve/xss/",
- "refsource": "MISC",
- "name": "https://johnermac.github.io/cve/xss/"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Johnermac (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 3.5,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "LOW"
- },
- {
- "version": "3.0",
- "baseScore": 3.5,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "LOW"
- },
- {
- "version": "2.0",
- "baseScore": 4,
- "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2480.json b/2024/2xxx/CVE-2024-2480.json
index c3324a34fd1..8f91c42c79e 100644
--- a/2024/2xxx/CVE-2024-2480.json
+++ b/2024/2xxx/CVE-2024-2480.json
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2480",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente at\u00e9 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "In MHA Sistemas arMHAzena 9.6.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Executa Page. Mittels dem Manipulieren des Arguments Companhia/Planta/Agente de/Agente at\u00e9 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-89 SQL Injection",
- "cweId": "CWE-89"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "MHA Sistemas",
- "product": {
- "product_data": [
- {
- "product_name": "arMHAzena",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "9.6.0.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256888",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256888"
- },
- {
- "url": "https://vuldb.com/?ctiid.256888",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256888"
- },
- {
- "url": "https://johnermac.github.io/cve/sqli/",
- "refsource": "MISC",
- "name": "https://johnermac.github.io/cve/sqli/"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Johnermac (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 6.5,
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2481.json b/2024/2xxx/CVE-2024-2481.json
index bff8911e844..a484db84335 100644
--- a/2024/2xxx/CVE-2024-2481.json
+++ b/2024/2xxx/CVE-2024-2481.json
@@ -1,112 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2481",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability."
- },
- {
- "lang": "deu",
- "value": "Es wurde eine Schwachstelle in Surya2Developer Hostel Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/manage-students.php. Durch das Manipulieren des Arguments del mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-284 Improper Access Controls",
- "cweId": "CWE-284"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Surya2Developer",
- "product": {
- "product_data": [
- {
- "product_name": "Hostel Management System",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "1.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256890",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256890"
- },
- {
- "url": "https://vuldb.com/?ctiid.256890",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256890"
- },
- {
- "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md",
- "refsource": "MISC",
- "name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "C.P. Rivera"
- },
- {
- "lang": "en",
- "value": "blackslim3 (VulDB User)"
- },
- {
- "lang": "en",
- "value": "blackslim3 (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 6.5,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 6.5,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 6.4,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2482.json b/2024/2xxx/CVE-2024-2482.json
index 455d97ffe61..7477edef9d4 100644
--- a/2024/2xxx/CVE-2024-2482.json
+++ b/2024/2xxx/CVE-2024-2482.json
@@ -1,112 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2482",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891."
- },
- {
- "lang": "deu",
- "value": "In Surya2Developer Hostel Management Service 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /check_availability.php der Komponente HTTP POST Request Handler. Durch Manipulieren des Arguments oldpassword mit unbekannten Daten kann eine observable response discrepancy-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-204 Observable Response Discrepancy",
- "cweId": "CWE-204"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Surya2Developer",
- "product": {
- "product_data": [
- {
- "product_name": "Hostel Management Service",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "1.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256891",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256891"
- },
- {
- "url": "https://vuldb.com/?ctiid.256891",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256891"
- },
- {
- "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md",
- "refsource": "MISC",
- "name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "C.P. Rivera"
- },
- {
- "lang": "en",
- "value": "blackslim3 (VulDB User)"
- },
- {
- "lang": "en",
- "value": "blackslim3 (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 3.7,
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "baseSeverity": "LOW"
- },
- {
- "version": "3.0",
- "baseScore": 3.7,
- "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "baseSeverity": "LOW"
- },
- {
- "version": "2.0",
- "baseScore": 2.6,
- "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2483.json b/2024/2xxx/CVE-2024-2483.json
index f4f813db2bc..506e49c7a7c 100644
--- a/2024/2xxx/CVE-2024-2483.json
+++ b/2024/2xxx/CVE-2024-2483.json
@@ -1,112 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2483",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability."
- },
- {
- "lang": "deu",
- "value": "Eine Schwachstelle wurde in Surya2Developer Hostel Management Service 1.0 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /change-password.php der Komponente Password Change Handler. Mittels Manipulieren des Arguments oldpassword mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Surya2Developer",
- "product": {
- "product_data": [
- {
- "product_name": "Hostel Management Service",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "1.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256889",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256889"
- },
- {
- "url": "https://vuldb.com/?ctiid.256889",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256889"
- },
- {
- "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md",
- "refsource": "MISC",
- "name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "C.P. Rivera"
- },
- {
- "lang": "en",
- "value": "blackslim3 (VulDB User)"
- },
- {
- "lang": "en",
- "value": "blackslim3 (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2485.json b/2024/2xxx/CVE-2024-2485.json
index 340ca7e5777..36fcc4d216c 100644
--- a/2024/2xxx/CVE-2024-2485.json
+++ b/2024/2xxx/CVE-2024-2485.json
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2485",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine Schwachstelle wurde in Tenda AC18 15.03.05.05 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Beeinflussen des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-121 Stack-based Buffer Overflow",
- "cweId": "CWE-121"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC18",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "15.03.05.05"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256892",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256892"
- },
- {
- "url": "https://vuldb.com/?ctiid.256892",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256892"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "yhryhryhr (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2486.json b/2024/2xxx/CVE-2024-2486.json
index 568615e52ef..956ce2368c7 100644
--- a/2024/2xxx/CVE-2024-2486.json
+++ b/2024/2xxx/CVE-2024-2486.json
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2486",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability."
- },
- {
- "lang": "deu",
- "value": "Es wurde eine Schwachstelle in Tenda AC18 15.03.05.05 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-121 Stack-based Buffer Overflow",
- "cweId": "CWE-121"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC18",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "15.03.05.05"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256893",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256893"
- },
- {
- "url": "https://vuldb.com/?ctiid.256893",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256893"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formQuickIndex.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formQuickIndex.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "yhryhryhr (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2487.json b/2024/2xxx/CVE-2024-2487.json
index 06c37246923..b957587a294 100644
--- a/2024/2xxx/CVE-2024-2487.json
+++ b/2024/2xxx/CVE-2024-2487.json
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2487",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "In Tenda AC18 15.03.05.05 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion formSetDeviceName der Datei /goform/SetOnlineDevName. Dank der Manipulation des Arguments devName/mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-121 Stack-based Buffer Overflow",
- "cweId": "CWE-121"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC18",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "15.03.05.05"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256894",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256894"
- },
- {
- "url": "https://vuldb.com/?ctiid.256894",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256894"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetDeviceName_devName.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetDeviceName_devName.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "yhryhryhr (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2488.json b/2024/2xxx/CVE-2024-2488.json
index 348d9022bc3..632fc703a8f 100644
--- a/2024/2xxx/CVE-2024-2488.json
+++ b/2024/2xxx/CVE-2024-2488.json
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2488",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine Schwachstelle wurde in Tenda AC18 15.03.05.05 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSetPPTPServer der Datei /goform/SetPptpServerCfg. Dank Manipulation des Arguments startIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-121 Stack-based Buffer Overflow",
- "cweId": "CWE-121"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC18",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "15.03.05.05"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.256895",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.256895"
- },
- {
- "url": "https://vuldb.com/?ctiid.256895",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.256895"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetPPTPServer.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetPPTPServer.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "yhryhryhr (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2545.json b/2024/2xxx/CVE-2024-2545.json
index 441bc22974e..de82cdf3197 100644
--- a/2024/2xxx/CVE-2024-2545.json
+++ b/2024/2xxx/CVE-2024-2545.json
@@ -1,17 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2545",
- "ASSIGNER": "security@wordfence.com",
- "STATE": "REJECT"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
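Review bot: Replacing `"STATE": "REJECT"` with `"STATE": "RESERVED"` in this hunk discards the rejection notice that points readers to CVE-2024-1730, so a consumer that relied on the duplicate marker would now treat CVE-2024-2545 as a pending, undisclosed issue. A rejected ID does not normally return to the reserved state, and the assigner changes from `security@wordfence.com` to `cve@mitre.org` in the same step, so this looks like a sync against stale upstream state rather than an intended edit. Keep the `REJECT` state and the original `** REJECT **` description line unless the assigning CNA has confirmed the change.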