diff --git a/2021/22xxx/CVE-2021-22501.json b/2021/22xxx/CVE-2021-22501.json
index 3386db3a615..5d56de03a9c 100644
--- a/2021/22xxx/CVE-2021-22501.json
+++ b/2021/22xxx/CVE-2021-22501.json
@@ -1,18 +1,111 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22501",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@opentext.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText\u2122 Operations Bridge Manager allows Input Data Manipulation.\u00a0\n\nThe vulnerability could be exploited to confidential information\n\nThis issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611 Improper Restriction of XML External Entity Reference",
+ "cweId": "CWE-611"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenText\u2122",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Operations Bridge Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2017.05"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2017.11"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2018.05"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2018.11"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2019.05"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2019.11"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2020.05"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2020.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.microfocus.com/s/article/KM000037407?language=en_US",
+ "refsource": "MISC",
+ "name": "https://portal.microfocus.com/s/article/KM000037407?language=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "CVE-2021-22501: A potential vulnerability has been identified in Opentext Operations Bridge Manager.\n\n
"
+ }
+ ],
+ "value": "CVE-2021-22501: A potential vulnerability has been identified in Opentext Operations Bridge Manager. https://portal.microfocus.com/s/article/KM000037407"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2021/32xxx/CVE-2021-32589.json b/2021/32xxx/CVE-2021-32589.json
index a296f139b3b..0d3223bd45c 100644
--- a/2021/32xxx/CVE-2021-32589.json
+++ b/2021/32xxx/CVE-2021-32589.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized code or commands via "
+ "value": "A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device."
}
]
},
diff --git a/2024/12xxx/CVE-2024-12788.json b/2024/12xxx/CVE-2024-12788.json
index c5ff68df8c6..1da7e9379c6 100644
--- a/2024/12xxx/CVE-2024-12788.json
+++ b/2024/12xxx/CVE-2024-12788.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12788",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in Codezips Technical Discussion Forum 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei signinpost.php. Durch das Beeinflussen des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Codezips",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Technical Discussion Forum",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.288968",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.288968"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.288968",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.288968"
+ },
+ {
+ "url": "https://vuldb.com/?submit.465094",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.465094"
+ },
+ {
+ "url": "https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum",
+ "refsource": "MISC",
+ "name": "https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "laowuzi (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
diff --git a/2024/12xxx/CVE-2024-12789.json b/2024/12xxx/CVE-2024-12789.json
index 82a6de140fe..56fd073fbd8 100644
--- a/2024/12xxx/CVE-2024-12789.json
+++ b/2024/12xxx/CVE-2024-12789.json
@@ -1,17 +1,130 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12789",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in PbootCMS bis 3.2.3 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei apps/home/controller/IndexController.php. Durch Beeinflussen des Arguments tag mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.2.4 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PbootCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.2.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.2.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.288969",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.288969"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.288969",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.288969"
+ },
+ {
+ "url": "https://vuldb.com/?submit.465122",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.465122"
+ },
+ {
+ "url": "https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "J1rrY (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
diff --git a/2024/12xxx/CVE-2024-12801.json b/2024/12xxx/CVE-2024-12801.json
new file mode 100644
index 00000000000..2737630f613
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12801.json
@@ -0,0 +1,129 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12801",
+ "ASSIGNER": "vulnerability@ncsc.ch",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\n\nThe attacks involves the modification of DOCTYPE declaration in\u00a0 XML configuration files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918 Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QOS.CH Sarl",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "logback",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "1.5.12",
+ "status": "affected",
+ "version": "0",
+ "versionType": "maven"
+ },
+ {
+ "status": "unaffected",
+ "version": "1.5.13"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://logback.qos.ch/news.html#1.5.13",
+ "refsource": "MISC",
+ "name": "https://logback.qos.ch/news.html#1.5.13"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The attacker needs to access and write to logback configuration files. Alternatively, the attacker needs to be able to force the use of a malicious logback configuration file at application start.
"
+ }
+ ],
+ "value": "The attacker needs to access and write to logback configuration files. Alternatively, the attacker needs to be able to force the use of a malicious logback configuration file at application start."
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to logback version 1.5.13 or later.
"
+ }
+ ],
+ "value": "Update to logback version 1.5.13 or later."
+ }
+ ],
+ "exploit": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "No known existing exploitation.
"
+ }
+ ],
+ "value": "No known existing exploitation."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "7asecurity"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12802.json b/2024/12xxx/CVE-2024-12802.json
new file mode 100644
index 00000000000..7ca3bdbc132
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12802.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12802",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12803.json b/2024/12xxx/CVE-2024-12803.json
new file mode 100644
index 00000000000..59c4239dcb0
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12803.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12803",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12804.json b/2024/12xxx/CVE-2024-12804.json
new file mode 100644
index 00000000000..fbfa6cc729d
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12804.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12804",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12805.json b/2024/12xxx/CVE-2024-12805.json
new file mode 100644
index 00000000000..ca2ea527b63
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12805.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12806.json b/2024/12xxx/CVE-2024-12806.json
new file mode 100644
index 00000000000..4d3b572c85a
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38864.json b/2024/38xxx/CVE-2024-38864.json
index e88e50616eb..59ae852a63a 100644
--- a/2024/38xxx/CVE-2024-38864.json
+++ b/2024/38xxx/CVE-2024-38864.json
@@ -1,17 +1,74 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38864",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@checkmk.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Checkmk GmbH",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Checkmk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.3.0",
+ "version_value": "2.3.0p23"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2.2.0",
+ "version_value": "2.2.0p38"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2.1.0",
+ "version_value": "2.1.0p50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://checkmk.com/werk/17098",
+ "refsource": "MISC",
+ "name": "https://checkmk.com/werk/17098"
}
]
}
diff --git a/2024/55xxx/CVE-2024-55081.json b/2024/55xxx/CVE-2024-55081.json
index 38c63df5c9b..9825f3743e5 100644
--- a/2024/55xxx/CVE-2024-55081.json
+++ b/2024/55xxx/CVE-2024-55081.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-55081",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55081",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/summerxxoo/VulnPoc/blob/main/chat2DB_XXE.md",
+ "refsource": "MISC",
+ "name": "https://github.com/summerxxoo/VulnPoc/blob/main/chat2DB_XXE.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/summerxxoo/18b3ccc91aacd606aa4d48a02029e9e7",
+ "url": "https://gist.github.com/summerxxoo/18b3ccc91aacd606aa4d48a02029e9e7"
}
]
}
diff --git a/2024/55xxx/CVE-2024-55082.json b/2024/55xxx/CVE-2024-55082.json
index 4c8bf6439d9..1b08359bf7f 100644
--- a/2024/55xxx/CVE-2024-55082.json
+++ b/2024/55xxx/CVE-2024-55082.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-55082",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-55082",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/summerxxoo/VulnPoc/blob/main/Stirling-PDF-%20Server-Side%20Request%20Forgery(SSRF)%20vulnerability.md",
+ "refsource": "MISC",
+ "name": "https://github.com/summerxxoo/VulnPoc/blob/main/Stirling-PDF-%20Server-Side%20Request%20Forgery(SSRF)%20vulnerability.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/summerxxoo/f98033dbf1ab81a045c1196c3a1ab3ef",
+ "url": "https://gist.github.com/summerxxoo/f98033dbf1ab81a045c1196c3a1ab3ef"
}
]
}