From 4263544dfb4dbf148910928d6db901abbc4a63bf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2024 02:10:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/52xxx/CVE-2023-52605.json | 144 +------------------------- 2023/7xxx/CVE-2023-7250.json | 150 ++++++++++++++++++++++++++- 2024/2xxx/CVE-2024-2182.json | 14 +-- 2024/2xxx/CVE-2024-2390.json | 129 ++++++++++++++++++++++- 2024/2xxx/CVE-2024-2496.json | 182 ++++++++++++++++++++++++++++++++- 2024/2xxx/CVE-2024-2584.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2585.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2586.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2587.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2588.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2589.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2590.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2591.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2592.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2593.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2594.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2595.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2596.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2597.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2598.json | 84 ++++++++++++++- 2024/2xxx/CVE-2024-2604.json | 95 +---------------- 21 files changed, 1662 insertions(+), 312 deletions(-) diff --git a/2023/52xxx/CVE-2023-52605.json b/2023/52xxx/CVE-2023-52605.json index c5058121d9e..b0c2a78fea8 100644 --- a/2023/52xxx/CVE-2023-52605.json +++ b/2023/52xxx/CVE-2023-52605.json @@ -5,154 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2023-52605", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: extlog: fix NULL pointer dereference check\n\nThe gcc plugin -fanalyzer [1] tries to detect various\npatterns of incorrect behaviour. The tool reports:\n\ndrivers/acpi/acpi_extlog.c: In function \u2018extlog_exit\u2019:\ndrivers/acpi/acpi_extlog.c:307:12: warning: check of \u2018extlog_l1_addr\u2019 for NULL after already dereferencing it [-Wanalyzer-deref-before-check]\n |\n | 306 | ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;\n | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~\n | | |\n | | (1) pointer \u2018extlog_l1_addr\u2019 is dereferenced here\n | 307 | if (extlog_l1_addr)\n | | ~\n | | |\n | | (2) pointer \u2018extlog_l1_addr\u2019 is checked for NULL here but it was already dereferenced at (1)\n |\n\nFix the NULL pointer dereference check in extlog_exit()." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1da177e4c3f4", - "version_value": "b7b33627be06" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "4.19.307", - "lessThanOrEqual": "4.19.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.4.269", - "lessThanOrEqual": "5.4.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.10.210", - "lessThanOrEqual": "5.10.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.15.149", - "lessThanOrEqual": "5.15.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.1.77", - "lessThanOrEqual": "6.1.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.6.16", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.7.4", - "lessThanOrEqual": "6.7.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.8", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703" - }, - { - "url": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca" - }, - { - "url": "https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069" - }, - { - "url": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab" - }, - { - "url": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0" - }, - { - "url": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6" - }, - { - "url": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9" - }, - { - "url": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1" - } - ] - }, - "generator": { - "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2023/7xxx/CVE-2023-7250.json b/2023/7xxx/CVE-2023-7250.json index 70ebcaa7121..0a51887dde5 100644 --- a/2023/7xxx/CVE-2023-7250.json +++ b/2023/7xxx/CVE-2023-7250.json @@ -1,17 +1,159 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permissive List of Allowed Inputs", + "cweId": "CWE-183" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "iperf", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.15", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-7250", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-7250" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2244707" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2182.json b/2024/2xxx/CVE-2024-2182.json index 856151b6898..01ec0546168 100644 --- a/2024/2xxx/CVE-2024-2182.json +++ b/2024/2xxx/CVE-2024-2182.json @@ -175,7 +175,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } }, { @@ -230,37 +230,37 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] diff --git a/2024/2xxx/CVE-2024-2390.json b/2024/2xxx/CVE-2024-2390.json index a2b6cd5a047..eb7691d9117 100644 --- a/2024/2xxx/CVE-2024-2390.json +++ b/2024/2xxx/CVE-2024-2390.json @@ -1,17 +1,138 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAs a part of Tenable\u2019s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenable", + "product": { + "product_data": [ + { + "product_name": "Nessus Agent", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "#202403142053", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Nessus", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "#202403142053", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/tns-2024-05", + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2024-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "TNS-2024-05", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nTenable has released updates to plugins to resolve the issue. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202403142053.\n\n
" + } + ], + "value": "\nTenable has released updates to plugins to resolve the issue. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202403142053.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Rich Sprigg (RythmStick)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2496.json b/2024/2xxx/CVE-2024-2496.json index fb05e0cde78..013347c11b7 100644 --- a/2024/2xxx/CVE-2024-2496.json +++ b/2024/2xxx/CVE-2024-2496.json @@ -1,17 +1,191 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2496", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libvirt", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "9.8.0", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora 39", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-2496", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-2496" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269672", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2269672" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2584.json b/2024/2xxx/CVE-2024-2584.json index 79062686800..73cecfc577a 100644 --- a/2024/2xxx/CVE-2024-2584.json +++ b/2024/2xxx/CVE-2024-2584.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2585.json b/2024/2xxx/CVE-2024-2585.json index 623cfd24ee5..f6a60e4afc6 100644 --- a/2024/2xxx/CVE-2024-2585.json +++ b/2024/2xxx/CVE-2024-2585.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2586.json b/2024/2xxx/CVE-2024-2586.json index 4ec237804ce..1dbd0844aad 100644 --- a/2024/2xxx/CVE-2024-2586.json +++ b/2024/2xxx/CVE-2024-2586.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2587.json b/2024/2xxx/CVE-2024-2587.json index 37347243e62..7823791302c 100644 --- a/2024/2xxx/CVE-2024-2587.json +++ b/2024/2xxx/CVE-2024-2587.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2588.json b/2024/2xxx/CVE-2024-2588.json index 7c0942bcdad..aa5410c4f87 100644 --- a/2024/2xxx/CVE-2024-2588.json +++ b/2024/2xxx/CVE-2024-2588.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id'\u00a0parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2589.json b/2024/2xxx/CVE-2024-2589.json index d925ec30c73..66c04b4b492 100644 --- a/2024/2xxx/CVE-2024-2589.json +++ b/2024/2xxx/CVE-2024-2589.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2590.json b/2024/2xxx/CVE-2024-2590.json index 2f911fe27c3..de389a2e31a 100644 --- a/2024/2xxx/CVE-2024-2590.json +++ b/2024/2xxx/CVE-2024-2590.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the\u00a0'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2591.json b/2024/2xxx/CVE-2024-2591.json index 1ab0c3225b7..a7e34f53cca 100644 --- a/2024/2xxx/CVE-2024-2591.json +++ b/2024/2xxx/CVE-2024-2591.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2592.json b/2024/2xxx/CVE-2024-2592.json index 956dc8a383e..af5d4e3e207 100644 --- a/2024/2xxx/CVE-2024-2592.json +++ b/2024/2xxx/CVE-2024-2592.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2593.json b/2024/2xxx/CVE-2024-2593.json index 74ba61bfad6..21fbaf3aa21 100644 --- a/2024/2xxx/CVE-2024-2593.json +++ b/2024/2xxx/CVE-2024-2593.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2594.json b/2024/2xxx/CVE-2024-2594.json index 876bc440012..9a2cdf84438 100644 --- a/2024/2xxx/CVE-2024-2594.json +++ b/2024/2xxx/CVE-2024-2594.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2595.json b/2024/2xxx/CVE-2024-2595.json index 1456a850c9f..94712b1a833 100644 --- a/2024/2xxx/CVE-2024-2595.json +++ b/2024/2xxx/CVE-2024-2595.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2596.json b/2024/2xxx/CVE-2024-2596.json index 1bcfc3084e3..85e032d2104 100644 --- a/2024/2xxx/CVE-2024-2596.json +++ b/2024/2xxx/CVE-2024-2596.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/mail/main/select_send.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2597.json b/2024/2xxx/CVE-2024-2597.json index c6077f2a28c..e7eb5a8c752 100644 --- a/2024/2xxx/CVE-2024-2597.json +++ b/2024/2xxx/CVE-2024-2597.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2598.json b/2024/2xxx/CVE-2024-2598.json index e533d46b3f2..001650f5e9a 100644 --- a/2024/2xxx/CVE-2024-2598.json +++ b/2024/2xxx/CVE-2024-2598.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/select_send_2.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Amssplus", + "product": { + "product_data": [ + { + "product_name": "AMSS++", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2604.json b/2024/2xxx/CVE-2024-2604.json index bf2f8b5e207..b3e829d19d5 100644 --- a/2024/2xxx/CVE-2024-2604.json +++ b/2024/2xxx/CVE-2024-2604.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2604", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability." - }, - { - "lang": "deu", - "value": "In SourceCodester File Manager App 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /endpoint/update-file.php. Mit der Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "File Manager App", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257182", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257182" - }, - { - "url": "https://vuldb.com/?ctiid.257182", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257182" - }, - { - "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md", - "refsource": "MISC", - "name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "nochizplz (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }