diff --git a/2024/27xxx/CVE-2024-27298.json b/2024/27xxx/CVE-2024-27298.json index bf85e65a3a7..cdcb2492893 100644 --- a/2024/27xxx/CVE-2024-27298.json +++ b/2024/27xxx/CVE-2024-27298.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "parse-community", + "product": { + "product_data": [ + { + "product_name": "parse-server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 6.5.0" + }, + { + "version_affected": "=", + "version_value": ">= 7.0.0-alpha.1, < 7.0.0-alpha.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2", + "refsource": "MISC", + "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2" + }, + { + "url": "https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504", + "refsource": "MISC", + "name": "https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504" + }, + { + "url": "https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833", + "refsource": "MISC", + "name": "https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833" + }, + { + "url": "https://github.com/parse-community/parse-server/releases/tag/6.5.0", + "refsource": "MISC", + "name": "https://github.com/parse-community/parse-server/releases/tag/6.5.0" + }, + { + "url": "https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20", + "refsource": "MISC", + "name": "https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20" + } + ] + }, + "source": { + "advisory": "GHSA-6927-3vr9-fxf2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2073.json b/2024/2xxx/CVE-2024-2073.json index 52fffb3661b..a4e084d6d1d 100644 --- a/2024/2xxx/CVE-2024-2073.json +++ b/2024/2xxx/CVE-2024-2073.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388." + }, + { + "lang": "deu", + "value": "In SourceCodester Block Inserter for Dynamic Content 1.0 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei view_post.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Block Inserter for Dynamic Content", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.255388", + "refsource": "MISC", + "name": "https://vuldb.com/?id.255388" + }, + { + "url": "https://vuldb.com/?ctiid.255388", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.255388" + }, + { + "url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/Block%20Inserter%20for%20Dynamic%20Content%20-%20Sql%20Injection.md", + "refsource": "MISC", + "name": "https://github.com/vanitashtml/CVE-Dumps/blob/main/Block%20Inserter%20for%20Dynamic%20Content%20-%20Sql%20Injection.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "rjavenido22 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2074.json b/2024/2xxx/CVE-2024-2074.json index 1bcd40283fc..73a0206d9c7 100644 --- a/2024/2xxx/CVE-2024-2074.json +++ b/2024/2xxx/CVE-2024-2074.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2074", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Mini-Tmall bis 20231017 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei ?r=tmall/admin/user/1/1. Mit der Manipulation des Arguments orderBy mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Mini-Tmall", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20231017" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.255389", + "refsource": "MISC", + "name": "https://vuldb.com/?id.255389" + }, + { + "url": "https://vuldb.com/?ctiid.255389", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.255389" + }, + { + "url": "https://github.com/yuziiiiiiiiii/CVE-SQL/blob/main/cve.md", + "refsource": "MISC", + "name": "https://github.com/yuziiiiiiiiii/CVE-SQL/blob/main/cve.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yuzi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2106.json b/2024/2xxx/CVE-2024-2106.json new file mode 100644 index 00000000000..6198c9d07e0 --- /dev/null +++ b/2024/2xxx/CVE-2024-2106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file