From 498915ccd9a4c8f86d6449e42150959f3d0a402a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2024 15:21:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/38xxx/CVE-2022-38223.json | 10 +++ 2023/38xxx/CVE-2023-38252.json | 10 +++ 2023/38xxx/CVE-2023-38253.json | 10 +++ 2023/4xxx/CVE-2023-4255.json | 10 +++ 2024/0xxx/CVE-2024-0400.json | 7 +- 2024/0xxx/CVE-2024-0980.json | 8 +-- 2024/22xxx/CVE-2024-22025.json | 5 ++ 2024/29xxx/CVE-2024-29819.json | 113 +++++++++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29934.json | 113 +++++++++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29935.json | 113 +++++++++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29936.json | 113 +++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2943.json | 100 +++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2944.json | 100 +++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30177.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30178.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30179.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30180.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30181.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30182.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30183.json | 113 +++++++++++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30487.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30488.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30489.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30490.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30491.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30492.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30493.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30494.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30495.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30496.json | 113 ++------------------------------- 2024/30xxx/CVE-2024-30620.json | 58 ++--------------- 2024/30xxx/CVE-2024-30621.json | 58 ++--------------- 2024/30xxx/CVE-2024-30622.json | 58 ++--------------- 2024/30xxx/CVE-2024-30623.json | 58 ++--------------- 2024/30xxx/CVE-2024-30624.json | 58 ++--------------- 2024/30xxx/CVE-2024-30625.json | 58 ++--------------- 2024/30xxx/CVE-2024-30626.json | 58 ++--------------- 2024/30xxx/CVE-2024-30627.json | 58 ++--------------- 2024/30xxx/CVE-2024-30628.json | 58 ++--------------- 2024/30xxx/CVE-2024-30629.json | 58 ++--------------- 2024/30xxx/CVE-2024-30630.json | 58 ++--------------- 2024/30xxx/CVE-2024-30631.json | 58 ++--------------- 2024/30xxx/CVE-2024-30632.json | 58 ++--------------- 2024/30xxx/CVE-2024-30633.json | 58 ++--------------- 2024/30xxx/CVE-2024-30634.json | 58 ++--------------- 2024/30xxx/CVE-2024-30635.json | 58 ++--------------- 2024/30xxx/CVE-2024-30636.json | 58 ++--------------- 2024/30xxx/CVE-2024-30637.json | 58 ++--------------- 2024/30xxx/CVE-2024-30638.json | 58 ++--------------- 2024/30xxx/CVE-2024-30639.json | 58 ++--------------- 2024/30xxx/CVE-2024-30870.json | 58 ++--------------- 2024/30xxx/CVE-2024-30871.json | 58 ++--------------- 2024/30xxx/CVE-2024-30872.json | 58 ++--------------- 2024/3xxx/CVE-2024-3002.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3003.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3004.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3006.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3007.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3008.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3009.json | 100 +++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3010.json | 100 +++++++++++++++++++++++++++-- 61 files changed, 2410 insertions(+), 2357 deletions(-) diff --git a/2022/38xxx/CVE-2022-38223.json b/2022/38xxx/CVE-2022-38223.json index 7b9846b9782..595bf805af4 100644 --- a/2022/38xxx/CVE-2022-38223.json +++ b/2022/38xxx/CVE-2022-38223.json @@ -76,6 +76,16 @@ "refsource": "FEDORA", "name": "FEDORA-2024-aeb75f8b5b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-3fc66f8bf3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-38c2261ca0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/" } ] } diff --git a/2023/38xxx/CVE-2023-38252.json b/2023/38xxx/CVE-2023-38252.json index de9b4a328ea..c3dce68dd45 100644 --- a/2023/38xxx/CVE-2023-38252.json +++ b/2023/38xxx/CVE-2023-38252.json @@ -128,6 +128,16 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/" } ] }, diff --git a/2023/38xxx/CVE-2023-38253.json b/2023/38xxx/CVE-2023-38253.json index 59c4a052e9d..317ff74fb25 100644 --- a/2023/38xxx/CVE-2023-38253.json +++ b/2023/38xxx/CVE-2023-38253.json @@ -128,6 +128,16 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/" } ] }, diff --git a/2023/4xxx/CVE-2023-4255.json b/2023/4xxx/CVE-2023-4255.json index 840005b0a62..869234531c1 100644 --- a/2023/4xxx/CVE-2023-4255.json +++ b/2023/4xxx/CVE-2023-4255.json @@ -113,6 +113,16 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/" } ] }, diff --git a/2024/0xxx/CVE-2024-0400.json b/2024/0xxx/CVE-2024-0400.json index 3a7176ca0bb..fb030f4c613 100644 --- a/2024/0xxx/CVE-2024-0400.json +++ b/2024/0xxx/CVE-2024-0400.json @@ -21,7 +21,8 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" } ] } @@ -55,9 +56,9 @@ "references": { "reference_data": [ { - "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true", + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true", "refsource": "MISC", - "name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true" + "name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true" } ] }, diff --git a/2024/0xxx/CVE-2024-0980.json b/2024/0xxx/CVE-2024-0980.json index 74ee4d3cba0..32f4c13a6cf 100644 --- a/2024/0xxx/CVE-2024-0980.json +++ b/2024/0xxx/CVE-2024-0980.json @@ -66,11 +66,5 @@ "name": "https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980" } ] - }, - "credits": [ - { - "lang": "en", - "value": "Okta would like to thank Ryan Wincey of Securifera, Inc. for providing information in addressing this vulnerability." - } - ] + } } \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22025.json b/2024/22xxx/CVE-2024-22025.json index 132857bcbf5..58557203a47 100644 --- a/2024/22xxx/CVE-2024-22025.json +++ b/2024/22xxx/CVE-2024-22025.json @@ -68,6 +68,11 @@ "url": "https://hackerone.com/reports/2284065", "refsource": "MISC", "name": "https://hackerone.com/reports/2284065" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html" } ] }, diff --git a/2024/29xxx/CVE-2024-29819.json b/2024/29xxx/CVE-2024-29819.json index 3108c0f6d23..8958832b603 100644 --- a/2024/29xxx/CVE-2024-29819.json +++ b/2024/29xxx/CVE-2024-29819.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29819", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Syam Mohan", + "product": { + "product_data": [ + { + "product_name": "WPFront Notification Bar", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.3.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wpfront-notification-bar/wordpress-wpfront-notification-bar-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wpfront-notification-bar/wordpress-wpfront-notification-bar-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.4 or a higher version." + } + ], + "value": "Update to 3.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Joel Indra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29934.json b/2024/29xxx/CVE-2024-29934.json index 26956bca56c..dda7ad9817c 100644 --- a/2024/29xxx/CVE-2024-29934.json +++ b/2024/29xxx/CVE-2024-29934.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Piotnet", + "product": { + "product_data": [ + { + "product_name": "Piotnet Addons For Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.4.26", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.25", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor/wordpress-piotnet-addons-for-elementor-plugin-2-4-25-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor/wordpress-piotnet-addons-for-elementor-plugin-2-4-25-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.4.26 or a higher version." + } + ], + "value": "Update to 2.4.26 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29935.json b/2024/29xxx/CVE-2024-29935.json index 36e304f30dc..8801774c19b 100644 --- a/2024/29xxx/CVE-2024-29935.json +++ b/2024/29xxx/CVE-2024-29935.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SinaExtra", + "product": { + "product_data": [ + { + "product_name": "Sina Extension for Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.5.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.5.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/sina-extension-for-elementor/wordpress-sina-extension-for-elementor-plugin-3-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/sina-extension-for-elementor/wordpress-sina-extension-for-elementor-plugin-3-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.5.1 or a higher version." + } + ], + "value": "Update to 3.5.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29936.json b/2024/29xxx/CVE-2024-29936.json index b064d96409c..e4bd8082db0 100644 --- a/2024/29xxx/CVE-2024-29936.json +++ b/2024/29xxx/CVE-2024-29936.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects \u2013 Elementor Addon allows Stored XSS.This issue affects Image Hover Effects \u2013 Elementor Addon: from n/a through 1.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Blocksera", + "product": { + "product_data": [ + { + "product_name": "Image Hover Effects \u2013 Elementor Addon", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.4.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/image-hover-effects-addon-for-elementor/wordpress-image-hover-effects-elementor-addon-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/image-hover-effects-addon-for-elementor/wordpress-image-hover-effects-elementor-addon-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.4.1 or a higher version." + } + ], + "value": "Update to 1.4.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2943.json b/2024/2xxx/CVE-2024-2943.json index f511ed23589..3a95fe15f96 100644 --- a/2024/2xxx/CVE-2024-2943.json +++ b/2024/2xxx/CVE-2024-2943.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Campcodes Online Examination System 1.0 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /adminpanel/admin/query/deleteExamExe.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258034", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258034" + }, + { + "url": "https://vuldb.com/?ctiid.258034", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258034" + }, + { + "url": "https://vuldb.com/?submit.304759", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304759" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%203.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%203.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2944.json b/2024/2xxx/CVE-2024-2944.json index bbb9ae25959..8e1918db4e6 100644 --- a/2024/2xxx/CVE-2024-2944.json +++ b/2024/2xxx/CVE-2024-2944.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Campcodes Online Examination System 1.0 gefunden. Davon betroffen ist unbekannter Code der Datei /adminpanel/admin/query/deleteCourseExe.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258035", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258035" + }, + { + "url": "https://vuldb.com/?ctiid.258035", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258035" + }, + { + "url": "https://vuldb.com/?submit.304760", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304760" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%204.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%204.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/30xxx/CVE-2024-30177.json b/2024/30xxx/CVE-2024-30177.json index b1dd982624a..28754c4a608 100644 --- a/2024/30xxx/CVE-2024-30177.json +++ b/2024/30xxx/CVE-2024-30177.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Exclusive Addons", + "product": { + "product_data": [ + { + "product_name": "Exclusive Addons Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.6.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.6.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.6.9 or a higher version." + } + ], + "value": "Update to 2.6.9 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30178.json b/2024/30xxx/CVE-2024-30178.json index 179577a6b95..97c1c9353b7 100644 --- a/2024/30xxx/CVE-2024-30178.json +++ b/2024/30xxx/CVE-2024-30178.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Patrick Posner", + "product": { + "product_data": [ + { + "product_name": "Simply Static", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.1.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/simply-static/wordpress-simply-static-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/simply-static/wordpress-simply-static-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.1.4 or a higher version." + } + ], + "value": "Update to 3.1.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "CatFather (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30179.json b/2024/30xxx/CVE-2024-30179.json index 62468df746d..03a15e6c12d 100644 --- a/2024/30xxx/CVE-2024-30179.json +++ b/2024/30xxx/CVE-2024-30179.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BoldThemes", + "product": { + "product_data": [ + { + "product_name": "Bold Page Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.7.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.7.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.7.7 or a higher version." + } + ], + "value": "Update to 4.7.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30180.json b/2024/30xxx/CVE-2024-30180.json index 1f549af390d..bfabaeb3805 100644 --- a/2024/30xxx/CVE-2024-30180.json +++ b/2024/30xxx/CVE-2024-30180.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Easy Social Feed", + "product": { + "product_data": [ + { + "product_name": "Easy Social Feed", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.5.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.5.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-plugin-6-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/easy-facebook-likebox/wordpress-easy-social-feed-plugin-6-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.5.4 or a higher version." + } + ], + "value": "Update to 6.5.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30181.json b/2024/30xxx/CVE-2024-30181.json index 88e6b67d398..747e50cbc22 100644 --- a/2024/30xxx/CVE-2024-30181.json +++ b/2024/30xxx/CVE-2024-30181.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Plainware", + "product": { + "product_data": [ + { + "product_name": "Locatoraid Store Locator", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.9.31", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.9.30", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-30-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-30-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.9.31 or a higher version." + } + ], + "value": "Update to 3.9.31 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30182.json b/2024/30xxx/CVE-2024-30182.json index 7fd33554b6e..fa49b28d038 100644 --- a/2024/30xxx/CVE-2024-30182.json +++ b/2024/30xxx/CVE-2024-30182.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HasThemes", + "product": { + "product_data": [ + { + "product_name": "HT Mega", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.4.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.4.4 or a higher version." + } + ], + "value": "Update to 2.4.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30183.json b/2024/30xxx/CVE-2024-30183.json index da4d54585db..b97efdfa087 100644 --- a/2024/30xxx/CVE-2024-30183.json +++ b/2024/30xxx/CVE-2024-30183.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Livemesh", + "product": { + "product_data": [ + { + "product_name": "Livemesh Addons for WPBakery Page Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/addons-for-visual-composer/wordpress-wpbakery-page-builder-addons-by-livemesh-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/addons-for-visual-composer/wordpress-wpbakery-page-builder-addons-by-livemesh-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.8 or a higher version." + } + ], + "value": "Update to 3.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30487.json b/2024/30xxx/CVE-2024-30487.json index 0eecc987540..dfc7c0a2db4 100644 --- a/2024/30xxx/CVE-2024-30487.json +++ b/2024/30xxx/CVE-2024-30487.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30487", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Sonaar Music", - "product": { - "product_data": [ - { - "product_name": "MP3 Audio Player for Music, Radio & Podcast by Sonaar", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "5.1.1", - "status": "unaffected" - } - ], - "lessThanOrEqual": "5.1", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-5-1-broken-access-control-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-5-1-broken-access-control-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 5.1.1 or a higher version." - } - ], - "value": "Update to 5.1.1 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Steven Julian (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30488.json b/2024/30xxx/CVE-2024-30488.json index e8f1ab68dcd..17fe100cacc 100644 --- a/2024/30xxx/CVE-2024-30488.json +++ b/2024/30xxx/CVE-2024-30488.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30488", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Seaborn Zotpress.This issue affects Zotpress: from n/a through 7.3.7.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Katie Seaborn", - "product": { - "product_data": [ - { - "product_name": "Zotpress", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "7.3.8", - "status": "unaffected" - } - ], - "lessThanOrEqual": "7.3.7", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/zotpress/wordpress-zotpress-plugin-7-3-7-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/zotpress/wordpress-zotpress-plugin-7-3-7-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 7.3.8 or a higher version." - } - ], - "value": "Update to 7.3.8 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "LVT-tholv2k (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30489.json b/2024/30xxx/CVE-2024-30489.json index 1335e48becb..4979eaa0be1 100644 --- a/2024/30xxx/CVE-2024-30489.json +++ b/2024/30xxx/CVE-2024-30489.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30489", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "loopus", - "product": { - "product_data": [ - { - "product_name": "WP Cost Estimation & Payment Forms Builder", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "10.1.76", - "status": "unaffected" - } - ], - "lessThanOrEqual": "10.1.75", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/wp-estimation-form/wordpress-wp-cost-estimation-payment-forms-builder-plugin-10-1-75-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/wp-estimation-form/wordpress-wp-cost-estimation-payment-forms-builder-plugin-10-1-75-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 10.1.76 or a higher version." - } - ], - "value": "Update to 10.1.76 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Rafie Muhammad (Patchstack)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30490.json b/2024/30xxx/CVE-2024-30490.json index 0e967bcf6a1..2b3bc15aebf 100644 --- a/2024/30xxx/CVE-2024-30490.json +++ b/2024/30xxx/CVE-2024-30490.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30490", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Metagauss", - "product": { - "product_data": [ - { - "product_name": "ProfileGrid ", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "5.7.9", - "status": "unaffected" - } - ], - "lessThanOrEqual": "5.7.8", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 5.7.9 or a higher version." - } - ], - "value": "Update to 5.7.9 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "LVT-tholv2k (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 9.3, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30491.json b/2024/30xxx/CVE-2024-30491.json index 060ff80dcda..f6b1ccc60ca 100644 --- a/2024/30xxx/CVE-2024-30491.json +++ b/2024/30xxx/CVE-2024-30491.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30491", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Metagauss", - "product": { - "product_data": [ - { - "product_name": "ProfileGrid ", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "5.7.9", - "status": "unaffected" - } - ], - "lessThanOrEqual": "5.7.8", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 5.7.9 or a higher version." - } - ], - "value": "Update to 5.7.9 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "LVT-tholv2k (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30492.json b/2024/30xxx/CVE-2024-30492.json index f1f191cef3b..79a590f8711 100644 --- a/2024/30xxx/CVE-2024-30492.json +++ b/2024/30xxx/CVE-2024-30492.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30492", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "cweId": "CWE-22" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "WebToffee", - "product": { - "product_data": [ - { - "product_name": "Import Export WordPress Users", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "2.5.3", - "status": "unaffected" - } - ], - "lessThanOrEqual": "2.5.2", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-2-path-traversal-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-2-path-traversal-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 2.5.3 or a higher version." - } - ], - "value": "Update to 2.5.3 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Ananda Dhakal (Patchstack)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30493.json b/2024/30xxx/CVE-2024-30493.json index 58d7bb6ee73..b939846de73 100644 --- a/2024/30xxx/CVE-2024-30493.json +++ b/2024/30xxx/CVE-2024-30493.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30493", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Andy Moyle", - "product": { - "product_data": [ - { - "product_name": "Church Admin", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "4.1.8", - "status": "unaffected" - } - ], - "lessThanOrEqual": "4.1.7", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 4.1.8 or a higher version." - } - ], - "value": "Update to 4.1.8 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Peng Zhou (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30494.json b/2024/30xxx/CVE-2024-30494.json index cc9568448d3..6dadeb5e422 100644 --- a/2024/30xxx/CVE-2024-30494.json +++ b/2024/30xxx/CVE-2024-30494.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30494", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in \u6c88\u5501 OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "\u6c88\u5501", - "product": { - "product_data": [ - { - "product_name": "OSS Aliyun", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "1.4.11", - "status": "unaffected" - } - ], - "lessThanOrEqual": "1.4.10", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/oss-aliyun/wordpress-oss-aliyun-plugin-1-4-10-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/oss-aliyun/wordpress-oss-aliyun-plugin-1-4-10-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 1.4.11 or a higher version." - } - ], - "value": "Update to 1.4.11 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Majed Refaea (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30495.json b/2024/30xxx/CVE-2024-30495.json index f397c3ea22d..479b53ab240 100644 --- a/2024/30xxx/CVE-2024-30495.json +++ b/2024/30xxx/CVE-2024-30495.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30495", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Faboba", - "product": { - "product_data": [ - { - "product_name": "Falang multilanguage", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "1.3.48", - "status": "unaffected" - } - ], - "lessThanOrEqual": "1.3.47", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/falang/wordpress-falang-multilanguage-for-wordpress-plugin-1-3-47-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/falang/wordpress-falang-multilanguage-for-wordpress-plugin-1-3-47-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 1.3.48 or a higher version." - } - ], - "value": "Update to 1.3.48 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Jean Tirstan T (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30496.json b/2024/30xxx/CVE-2024-30496.json index 765ca9e17a4..64524e97dad 100644 --- a/2024/30xxx/CVE-2024-30496.json +++ b/2024/30xxx/CVE-2024-30496.json @@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30496", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "BdThemes", - "product": { - "product_data": [ - { - "product_name": "Element Pack Elementor Addons", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "5.5.4", - "status": "unaffected" - } - ], - "lessThanOrEqual": "5.5.3", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-lite-plugin-5-5-3-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-lite-plugin-5-5-3-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 5.5.4 or a higher version." - } - ], - "value": "Update to 5.5.4 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Rafie Muhammad (Patchstack)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30620.json b/2024/30xxx/CVE-2024-30620.json index 5cb1cafdccb..2cc528248c4 100644 --- a/2024/30xxx/CVE-2024-30620.json +++ b/2024/30xxx/CVE-2024-30620.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30620", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30620", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serviceName_parameter_in_the_function_fromAdvSetMacMtuWan.md", - "refsource": "MISC", - "name": "https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serviceName_parameter_in_the_function_fromAdvSetMacMtuWan.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30621.json b/2024/30xxx/CVE-2024-30621.json index 1a97b4a566b..513d8fe36ea 100644 --- a/2024/30xxx/CVE-2024-30621.json +++ b/2024/30xxx/CVE-2024-30621.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30621", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30621", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serverName_parameter_in_the_function_fromAdvSetMacMtuWan.md", - "refsource": "MISC", - "name": "https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serverName_parameter_in_the_function_fromAdvSetMacMtuWan.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30622.json b/2024/30xxx/CVE-2024-30622.json index 0cc4ab24977..bb91a3d04d6 100644 --- a/2024/30xxx/CVE-2024-30622.json +++ b/2024/30xxx/CVE-2024-30622.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30622", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30622", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_mitInterface.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_mitInterface.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30623.json b/2024/30xxx/CVE-2024-30623.json index 6eb0b4aeb0b..16fe92f2160 100644 --- a/2024/30xxx/CVE-2024-30623.json +++ b/2024/30xxx/CVE-2024-30623.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30623", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_page.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_page.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30624.json b/2024/30xxx/CVE-2024-30624.json index 8166922e38a..acf61251b8c 100644 --- a/2024/30xxx/CVE-2024-30624.json +++ b/2024/30xxx/CVE-2024-30624.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30624", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30624", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30625.json b/2024/30xxx/CVE-2024-30625.json index c348d1166cd..d8d6cf45c53 100644 --- a/2024/30xxx/CVE-2024-30625.json +++ b/2024/30xxx/CVE-2024-30625.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30625", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_entrys.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_entrys.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30626.json b/2024/30xxx/CVE-2024-30626.json index 3ffcf6e55a0..6b55e73dfdc 100644 --- a/2024/30xxx/CVE-2024-30626.json +++ b/2024/30xxx/CVE-2024-30626.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30626", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30627.json b/2024/30xxx/CVE-2024-30627.json index 020d274b9db..45ead72bc1b 100644 --- a/2024/30xxx/CVE-2024-30627.json +++ b/2024/30xxx/CVE-2024-30627.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30627", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_deviceId.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_deviceId.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30628.json b/2024/30xxx/CVE-2024-30628.json index 4994524d809..f3b4ef26638 100644 --- a/2024/30xxx/CVE-2024-30628.json +++ b/2024/30xxx/CVE-2024-30628.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30628", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_page.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_page.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30629.json b/2024/30xxx/CVE-2024-30629.json index cb68420caa4..c92c18be583 100644 --- a/2024/30xxx/CVE-2024-30629.json +++ b/2024/30xxx/CVE-2024-30629.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30629", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30629", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30630.json b/2024/30xxx/CVE-2024-30630.json index 4e523049d6a..cab61d0674d 100644 --- a/2024/30xxx/CVE-2024-30630.json +++ b/2024/30xxx/CVE-2024-30630.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30630", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30630", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_time.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_time.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30631.json b/2024/30xxx/CVE-2024-30631.json index 6d39e3ddccc..3f0e780653b 100644 --- a/2024/30xxx/CVE-2024-30631.json +++ b/2024/30xxx/CVE-2024-30631.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30631", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30631", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30632.json b/2024/30xxx/CVE-2024-30632.json index 8bca1e2e9aa..82a3495c2d9 100644 --- a/2024/30xxx/CVE-2024-30632.json +++ b/2024/30xxx/CVE-2024-30632.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30632", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30632", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security_5g.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security_5g.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30633.json b/2024/30xxx/CVE-2024-30633.json index 3219935b0ec..2dc049f8d22 100644 --- a/2024/30xxx/CVE-2024-30633.json +++ b/2024/30xxx/CVE-2024-30633.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30633", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30634.json b/2024/30xxx/CVE-2024-30634.json index 3f44b40b92a..4d065557555 100644 --- a/2024/30xxx/CVE-2024-30634.json +++ b/2024/30xxx/CVE-2024-30634.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30634", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_mitInterface.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_mitInterface.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30635.json b/2024/30xxx/CVE-2024-30635.json index 2e1b48a3c7f..03223e85886 100644 --- a/2024/30xxx/CVE-2024-30635.json +++ b/2024/30xxx/CVE-2024-30635.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30635", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formSetCfm.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formSetCfm.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30636.json b/2024/30xxx/CVE-2024-30636.json index a8d641f8364..7a53412d865 100644 --- a/2024/30xxx/CVE-2024-30636.json +++ b/2024/30xxx/CVE-2024-30636.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30636", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formQuickIndex.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formQuickIndex.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30637.json b/2024/30xxx/CVE-2024-30637.json index 25f07e3fa9d..f95adab26ce 100644 --- a/2024/30xxx/CVE-2024-30637.json +++ b/2024/30xxx/CVE-2024-30637.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30637", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formWriteFacMac.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formWriteFacMac.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30638.json b/2024/30xxx/CVE-2024-30638.json index 39e65c63b81..4a3d13453e5 100644 --- a/2024/30xxx/CVE-2024-30638.json +++ b/2024/30xxx/CVE-2024-30638.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30638", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_entrys.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_entrys.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30639.json b/2024/30xxx/CVE-2024-30639.json index 24777cbfae6..1ed5a93b6e5 100644 --- a/2024/30xxx/CVE-2024-30639.json +++ b/2024/30xxx/CVE-2024-30639.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30639", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_page.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_page.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30870.json b/2024/30xxx/CVE-2024-30870.json index 2b3196e9718..facb3e7cd86 100644 --- a/2024/30xxx/CVE-2024-30870.json +++ b/2024/30xxx/CVE-2024-30870.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30870", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-address_interpret.md", - "refsource": "MISC", - "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-address_interpret.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30871.json b/2024/30xxx/CVE-2024-30871.json index f716e91a713..5565448e88b 100644 --- a/2024/30xxx/CVE-2024-30871.json +++ b/2024/30xxx/CVE-2024-30871.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30871", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-applyhardware.md", - "refsource": "MISC", - "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-applyhardware.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30872.json b/2024/30xxx/CVE-2024-30872.json index 78fada70ff6..580e50e3a13 100644 --- a/2024/30xxx/CVE-2024-30872.json +++ b/2024/30xxx/CVE-2024-30872.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30872", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-authrp.md", - "refsource": "MISC", - "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-authrp.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3002.json b/2024/3xxx/CVE-2024-3002.json index 72543c6247e..d7bdaec69e0 100644 --- a/2024/3xxx/CVE-2024-3002.json +++ b/2024/3xxx/CVE-2024-3002.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258204." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in code-projects Online Book System 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /description.php. Dank Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Online Book System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258204", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258204" + }, + { + "url": "https://vuldb.com/?ctiid.258204", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258204" + }, + { + "url": "https://vuldb.com/?submit.305056", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.305056" + }, + { + "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%204.md", + "refsource": "MISC", + "name": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%204.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Burak (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3003.json b/2024/3xxx/CVE-2024-3003.json index 654b7dc6891..18026d633fe 100644 --- a/2024/3xxx/CVE-2024-3003.json +++ b/2024/3xxx/CVE-2024-3003.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In code-projects Online Book System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /cart.php. Mit der Manipulation des Arguments quantity/remove mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Online Book System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258205", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258205" + }, + { + "url": "https://vuldb.com/?ctiid.258205", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258205" + }, + { + "url": "https://vuldb.com/?submit.305057", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.305057" + }, + { + "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%205.md", + "refsource": "MISC", + "name": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%205.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Burak (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3004.json b/2024/3xxx/CVE-2024-3004.json index 87e94ccbc52..c818217d02e 100644 --- a/2024/3xxx/CVE-2024-3004.json +++ b/2024/3xxx/CVE-2024-3004.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in code-projects Online Book System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /Product.php. Durch die Manipulation des Arguments value mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Online Book System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258206", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258206" + }, + { + "url": "https://vuldb.com/?ctiid.258206", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258206" + }, + { + "url": "https://vuldb.com/?submit.305059", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.305059" + }, + { + "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Cross-Site-Scripting.md", + "refsource": "MISC", + "name": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Cross-Site-Scripting.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Burak (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/3xxx/CVE-2024-3006.json b/2024/3xxx/CVE-2024-3006.json index 1cf6b791a8c..11dc21cf844 100644 --- a/2024/3xxx/CVE-2024-3006.json +++ b/2024/3xxx/CVE-2024-3006.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258292. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda FH1205 2.0.0.7(775) wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion fromSetRouteStatic der Datei /goform/fromRouteStatic. Dank Manipulation des Arguments entrys mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1205", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0.7(775)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258292", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258292" + }, + { + "url": "https://vuldb.com/?ctiid.258292", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258292" + }, + { + "url": "https://vuldb.com/?submit.301485", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301485" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromRouteStatic.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromRouteStatic.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/3xxx/CVE-2024-3007.json b/2024/3xxx/CVE-2024-3007.json index f9acd0e44b0..dd87916dd3d 100644 --- a/2024/3xxx/CVE-2024-3007.json +++ b/2024/3xxx/CVE-2024-3007.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7(775). This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258293 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda FH1205 2.0.0.7(775) entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion fromNatStaticSetting der Datei /goform/NatStaticSetting. Mit der Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1205", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0.7(775)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258293", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258293" + }, + { + "url": "https://vuldb.com/?ctiid.258293", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258293" + }, + { + "url": "https://vuldb.com/?submit.301486", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301486" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromNatStaticSetting.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromNatStaticSetting.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/3xxx/CVE-2024-3008.json b/2024/3xxx/CVE-2024-3008.json index 176a99a2351..5c5784f8f2c 100644 --- a/2024/3xxx/CVE-2024-3008.json +++ b/2024/3xxx/CVE-2024-3008.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Tenda FH1205 2.0.0.7(775) gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion formexeCommand der Datei /goform/execCommand. Durch die Manipulation des Arguments cmdinput mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1205", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0.7(775)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258294", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258294" + }, + { + "url": "https://vuldb.com/?ctiid.258294", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258294" + }, + { + "url": "https://vuldb.com/?submit.301487", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301487" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formexeCommand.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formexeCommand.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/3xxx/CVE-2024-3009.json b/2024/3xxx/CVE-2024-3009.json index 72684ef50e2..77c84fd8f78 100644 --- a/2024/3xxx/CVE-2024-3009.json +++ b/2024/3xxx/CVE-2024-3009.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda FH1205 2.0.0.7(775) wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1205", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0.7(775)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258295", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258295" + }, + { + "url": "https://vuldb.com/?ctiid.258295", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258295" + }, + { + "url": "https://vuldb.com/?submit.301488", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301488" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWriteFacMac.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWriteFacMac.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3010.json b/2024/3xxx/CVE-2024-3010.json index 66d3f33be14..aca0950e11e 100644 --- a/2024/3xxx/CVE-2024-3010.json +++ b/2024/3xxx/CVE-2024-3010.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda FH1205 2.0.0.7(775) gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formSetCfm der Datei /goform/setcfm. Mittels dem Manipulieren des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1205", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0.7(775)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258296", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258296" + }, + { + "url": "https://vuldb.com/?ctiid.258296", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258296" + }, + { + "url": "https://vuldb.com/?submit.301489", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301489" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formSetCfm.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formSetCfm.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] }