From 521b53eebbad8e8569e23d2c1a6d6a3ba5b07088 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 2 May 2024 16:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/35xxx/CVE-2022-35503.json | 5 --
 2023/50xxx/CVE-2023-50685.json | 56 +++++++++++++++++---
 2024/29xxx/CVE-2024-29309.json | 56 +++++++++++++++++---
 2024/30xxx/CVE-2024-30251.json | 5 ++
 2024/31xxx/CVE-2024-31963.json | 56 +++++++++++++++++---
 2024/31xxx/CVE-2024-31964.json | 56 +++++++++++++++++---
 2024/31xxx/CVE-2024-31965.json | 56 +++++++++++++++++---
 2024/31xxx/CVE-2024-31966.json | 56 +++++++++++++++++---
 2024/31xxx/CVE-2024-31967.json | 56 +++++++++++++++++---
 2024/33xxx/CVE-2024-33530.json | 56 +++++++++++++++++---
 2024/33xxx/CVE-2024-33775.json | 5 ++
 2024/4xxx/CVE-2024-4405.json | 68 ++++++++++++++++++++++--
 2024/4xxx/CVE-2024-4406.json | 68 ++++++++++++++++++++++--
 2024/4xxx/CVE-2024-4432.json | 18 +++++++
 2024/4xxx/CVE-2024-4433.json | 95 ++++++++++++++++++++++++++++++++++
 15 files changed, 651 insertions(+), 61 deletions(-)
 create mode 100644 2024/4xxx/CVE-2024-4432.json
 create mode 100644 2024/4xxx/CVE-2024-4433.json
diff --git a/2022/35xxx/CVE-2022-35503.json b/2022/35xxx/CVE-2022-35503.json
index 3c6a7fbf9cb..363cc2806bb 100644
--- a/2022/35xxx/CVE-2022-35503.json
+++ b/2022/35xxx/CVE-2022-35503.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://osm.com",
- "refsource": "MISC",
- "name": "http://osm.com"
- },
 {
 "refsource": "MISC",
 "name": "https://osm.etsi.org/news-events/blog/83-cve-2022-35503-disclosure",
diff --git a/2023/50xxx/CVE-2023-50685.json b/2023/50xxx/CVE-2023-50685.json
index a7d2d52a4a4..1df95abe1fe 100644
--- a/2023/50xxx/CVE-2023-50685.json
+++ b/2023/50xxx/CVE-2023-50685.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50685",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50685",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/UnderwaterCoder/Hipcam-RTSP-Format-Validation-Vulnerability",
+ "url": "https://github.com/UnderwaterCoder/Hipcam-RTSP-Format-Validation-Vulnerability"
 }
 ]
 }
diff --git a/2024/29xxx/CVE-2024-29309.json b/2024/29xxx/CVE-2024-29309.json
index 3cca882e286..ece953cf71f 100644
--- a/2024/29xxx/CVE-2024-29309.json
+++ b/2024/29xxx/CVE-2024-29309.json
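Review bot: The added `affects` block fills `vendor_name`, `product_name` and `version_value` with `"n/a"` even though the new description names the product and version (Hipcam Cameras RealServer v.1.0), and `problemtype` is likewise `"n/a"` for what the description calls a denial of service. Tooling that matches on the structured fields rather than the free text will not associate this record with any product, so scanners and inventory matchers can miss it. Assuming the vendor/product split follows the description, `"vendor_name": "Hipcam"`, `"product_name": "RealServer"`, `"version_value": "1.0"` would make the record machine-matchable. The same placeholder pattern recurs in the CVE-2024-29309, CVE-2024-31963 through CVE-2024-31967 and CVE-2024-33530 hunks.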
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-29309",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-29309",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858",
+ "url": "https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30251.json b/2024/30xxx/CVE-2024-30251.json
index 244114b57bd..bc8cc16bc42 100644
--- a/2024/30xxx/CVE-2024-30251.json
+++ b/2024/30xxx/CVE-2024-30251.json
@@ -73,6 +73,11 @@
 "url": "https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866",
 "refsource": "MISC",
 "name": "https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/05/02/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/05/02/4"
 }
 ]
 },
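Review bot: The new entry in `reference_data` for CVE-2024-29309 is tagged `"refsource": "CONFIRM"` but points at a gist under a personal account, which does not look like a vendor acknowledgement. Consumers that treat CONFIRM as vendor confirmation when prioritising or deduplicating advisories would over-trust it; unless the gist owner is known to speak for the vendor (not visible here), `"refsource": "MISC"` is the safer tag. The CVE-2023-50685 hunk (a third-party GitHub repository) and the CVE-2024-33530 hunk (a blog post on what appears to be a non-vendor domain) carry the same tag.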
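Review bot: The oss-security reference added to CVE-2024-30251 uses a cleartext `http://` URL in both `url` and `name`. Anyone following the link from an advisory feed fetches the post without transport integrity; if the archive serves the same path over TLS, prefer `"url": "https://www.openwall.com/lists/oss-security/2024/05/02/4"` with the matching `name`. The surrounding `reference_data` array starts outside this hunk.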
diff --git a/2024/31xxx/CVE-2024-31963.json b/2024/31xxx/CVE-2024-31963.json
index 79789e520bf..f1523383f50 100644
--- a/2024/31xxx/CVE-2024-31963.json
+++ b/2024/31xxx/CVE-2024-31963.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31963",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31963",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to cause a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0006",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0006"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31964.json b/2024/31xxx/CVE-2024-31964.json
index 88d26214c6d..af43fd0d497 100644
--- a/2024/31xxx/CVE-2024-31964.json
+++ b/2024/31xxx/CVE-2024-31964.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31964",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31964",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31965.json b/2024/31xxx/CVE-2024-31965.json
index 93ce0e6cbaf..5085f7c1359 100644
--- a/2024/31xxx/CVE-2024-31965.json
+++ b/2024/31xxx/CVE-2024-31965.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31965",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31965",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0008",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0008"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31966.json b/2024/31xxx/CVE-2024-31966.json
index 68a366f241b..4662c73fe13 100644
--- a/2024/31xxx/CVE-2024-31966.json
+++ b/2024/31xxx/CVE-2024-31966.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31966",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31966",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0009",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0009"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31967.json b/2024/31xxx/CVE-2024-31967.json
index 9017564a5b7..4f2135b2a63 100644
--- a/2024/31xxx/CVE-2024-31967.json
+++ b/2024/31xxx/CVE-2024-31967.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31967",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31967",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0010",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0010"
 }
 ]
 }
diff --git a/2024/33xxx/CVE-2024-33530.json b/2024/33xxx/CVE-2024-33530.json
index fb63b53c4a5..8cd863efefb 100644
--- a/2024/33xxx/CVE-2024-33530.json
+++ b/2024/33xxx/CVE-2024-33530.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-33530",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-33530",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies/",
+ "url": "https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies/"
 }
 ]
 }
diff --git a/2024/33xxx/CVE-2024-33775.json b/2024/33xxx/CVE-2024-33775.json
index ff6b5219779..2aa040f15b8 100644
--- a/2024/33xxx/CVE-2024-33775.json
+++ b/2024/33xxx/CVE-2024-33775.json
@@ -56,6 +56,11 @@
 "url": "https://www.nagios.com/changelog/#nagios-xi",
 "refsource": "MISC",
 "name": "https://www.nagios.com/changelog/#nagios-xi"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Neo-XeD/CVE-2024-33775",
+ "url": "https://github.com/Neo-XeD/CVE-2024-33775"
 }
 ]
 }
diff --git a/2024/4xxx/CVE-2024-4405.json b/2024/4xxx/CVE-2024-4405.json
index 2909be3b056..1a956293aa7 100644
--- a/2024/4xxx/CVE-2024-4405.json
+++ b/2024/4xxx/CVE-2024-4405.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-4405",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the manual-upgrade.html file. When parsing the manualUpgradeInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22379."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xiaomi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pro 13",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "14.0.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-418/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-418/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "@hoangnx99, @vudq16, @biennd279, @_q5ca from @vcslab"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/4xxx/CVE-2024-4406.json b/2024/4xxx/CVE-2024-4406.json
index 42d417def95..4986269e393 100644
--- a/2024/4xxx/CVE-2024-4406.json
+++ b/2024/4xxx/CVE-2024-4406.json
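Review bot: The researcher attribution in the CVE-2024-4405 record is stored under `source` as a `lang`/`value` pair, whereas the CVE-2024-4433 record in this same commit uses `source` for `"discovery"` and puts attribution in a `credits` array. A consumer that reads `credits` will find none here, and one that expects `source.discovery` gets an object of a different shape. Moving it to `"credits": [{ "lang": "en", "value": "@hoangnx99, @vudq16, @biennd279, @_q5ca from @vcslab" }]` would keep the two records consistent. The CVE-2024-4406 hunk has the same layout.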
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-4406",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xiaomi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pro 13",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "14.0.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-419/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-419/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Ken Gannon and Ilyes Beghdadi of NCC Group"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/4xxx/CVE-2024-4432.json b/2024/4xxx/CVE-2024-4432.json
new file mode 100644
index 00000000000..765e53ec496
--- /dev/null
+++ b/2024/4xxx/CVE-2024-4432.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-4432",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/4xxx/CVE-2024-4433.json b/2024/4xxx/CVE-2024-4433.json
new file mode 100644
index 00000000000..54983f5aa73
--- /dev/null
+++ b/2024/4xxx/CVE-2024-4433.json
@@ -0,0 +1,95 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-4433",
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through 2.4.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mr Digital",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple Image Popup",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/simple-image-popup/wordpress-simple-image-popup-plugin-2-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/simple-image-popup/wordpress-simple-image-popup-plugin-2-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Cronus (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file