diff --git a/2024/40xxx/CVE-2024-40800.json b/2024/40xxx/CVE-2024-40800.json index cd65494face..3f2eae33ce6 100644 --- a/2024/40xxx/CVE-2024-40800.json +++ b/2024/40xxx/CVE-2024-40800.json @@ -83,6 +83,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Jul/19", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Jul/19" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2010", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2010" } ] } diff --git a/2024/41xxx/CVE-2024-41802.json b/2024/41xxx/CVE-2024-41802.json index 4d3875bd969..64a92425d37 100644 --- a/2024/41xxx/CVE-2024-41802.json +++ b/2024/41xxx/CVE-2024-41802.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data.\nUsers should upgrade to version 3.3.12 or 4.0.14 which fix this issue" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xibosignage", + "product": { + "product_data": [ + { + "product_name": "xibo-cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "=> 1.8.0, < 3.3.12" + }, + { + "version_affected": "=", + "version_value": "=> 4.0.0-alpha, < 4.0.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-x4qm-vvhp-g7c2", + "refsource": "MISC", + "name": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-x4qm-vvhp-g7c2" + }, + { + "url": "https://github.com/xibosignage/xibo-cms/commit/b7a5899338cd841a39702e3fcaff76aa0ffe4075", + "refsource": "MISC", + "name": "https://github.com/xibosignage/xibo-cms/commit/b7a5899338cd841a39702e3fcaff76aa0ffe4075" + }, + { + "url": "https://xibosignage.com/blog/security-advisory-2024-07", + "refsource": "MISC", + "name": "https://xibosignage.com/blog/security-advisory-2024-07" + } + ] + }, + "source": { + "advisory": "GHSA-x4qm-vvhp-g7c2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41803.json b/2024/41xxx/CVE-2024-41803.json index 0f66b128645..46821adb9fb 100644 --- a/2024/41xxx/CVE-2024-41803.json +++ b/2024/41xxx/CVE-2024-41803.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by injecting specially crafted values in to the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xibosignage", + "product": { + "product_data": [ + { + "product_name": "xibo-cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "=> 2.1.0, < 3.3.12" + }, + { + "version_affected": "=", + "version_value": "=> 4.0.0-alpha, < 4.0.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-hpc5-mxfq-44hv", + "refsource": "MISC", + "name": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-hpc5-mxfq-44hv" + }, + { + "url": "https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch", + "refsource": "MISC", + "name": "https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch" + }, + { + "url": "https://xibosignage.com/blog/security-advisory-2024-07", + "refsource": "MISC", + "name": "https://xibosignage.com/blog/security-advisory-2024-07" + } + ] + }, + "source": { + "advisory": "GHSA-hpc5-mxfq-44hv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41804.json b/2024/41xxx/CVE-2024-41804.json index fcfb66f62a4..a484c89ca4f 100644 --- a/2024/41xxx/CVE-2024-41804.json +++ b/2024/41xxx/CVE-2024-41804.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xibosignage", + "product": { + "product_data": [ + { + "product_name": "xibo-cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "=> 2.1.0, < 3.3.12" + }, + { + "version_affected": "=", + "version_value": "=> 4.0.0-alpha, < 4.0.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-4pp3-4mw7-qfwr", + "refsource": "MISC", + "name": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-4pp3-4mw7-qfwr" + }, + { + "url": "https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch", + "refsource": "MISC", + "name": "https://github.com/xibosignage/xibo-cms/commit/39a2fd54b3f08831b0004aa2015bd8a753bc567f.patch" + }, + { + "url": "https://xibosignage.com/blog/security-advisory-2024-07", + "refsource": "MISC", + "name": "https://xibosignage.com/blog/security-advisory-2024-07" + } + ] + }, + "source": { + "advisory": "GHSA-4pp3-4mw7-qfwr", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7296.json b/2024/7xxx/CVE-2024-7296.json new file mode 100644 index 00000000000..b58aae6b8bc --- /dev/null +++ b/2024/7xxx/CVE-2024-7296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7297.json b/2024/7xxx/CVE-2024-7297.json new file mode 100644 index 00000000000..72a1e61c9ea --- /dev/null +++ b/2024/7xxx/CVE-2024-7297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7298.json b/2024/7xxx/CVE-2024-7298.json new file mode 100644 index 00000000000..af3eab2b04a --- /dev/null +++ b/2024/7xxx/CVE-2024-7298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7299.json b/2024/7xxx/CVE-2024-7299.json new file mode 100644 index 00000000000..3a64c9f73c6 --- /dev/null +++ b/2024/7xxx/CVE-2024-7299.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7300.json b/2024/7xxx/CVE-2024-7300.json new file mode 100644 index 00000000000..8d8c0363d12 --- /dev/null +++ b/2024/7xxx/CVE-2024-7300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file