diff --git a/2021/47xxx/CVE-2021-47115.json b/2021/47xxx/CVE-2021-47115.json index a8d4cd65255..2063b881a55 100644 --- a/2021/47xxx/CVE-2021-47115.json +++ b/2021/47xxx/CVE-2021-47115.json @@ -5,164 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2021-47115", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect\n\nIt's possible to trigger NULL pointer dereference by local unprivileged\nuser, when calling getsockname() after failed bind() (e.g. the bind\nfails because LLCP_SAP_MAX used as SAP):\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n CPU: 1 PID: 426 Comm: llcp_sock_getna Not tainted 5.13.0-rc2-next-20210521+ #9\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1 04/01/2014\n Call Trace:\n llcp_sock_getname+0xb1/0xe0\n __sys_getpeername+0x95/0xc0\n ? lockdep_hardirqs_on_prepare+0xd5/0x180\n ? syscall_enter_from_user_mode+0x1c/0x40\n __x64_sys_getpeername+0x11/0x20\n do_syscall_64+0x36/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis can be reproduced with Syzkaller C repro (bind followed by\ngetpeername):\nhttps://syzkaller.appspot.com/x/repro.c?x=14def446e00000" + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "d646960f7986", - "version_value": "eb6875d48590" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "3.3", - "status": "affected" - }, - { - "version": "0", - "lessThan": "3.3", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "4.4.272", - "lessThanOrEqual": "4.4.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "4.9.272", - "lessThanOrEqual": "4.9.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "4.14.236", - "lessThanOrEqual": "4.14.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "4.19.194", - "lessThanOrEqual": "4.19.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.4.125", - "lessThanOrEqual": "5.4.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.10.43", - "lessThanOrEqual": "5.10.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.12.10", - "lessThanOrEqual": "5.12.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.13", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477" - }, - { - "url": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94" - }, - { - "url": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9" - }, - { - "url": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f" - }, - { - "url": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70" - }, - { - "url": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2" - }, - { - "url": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b" - }, - { - "url": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba" - } - ] - }, - "generator": { - "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28855.json b/2024/28xxx/CVE-2024-28855.json index 3d7d3dabea2..fd01e228bd1 100644 --- a/2024/28xxx/CVE-2024-28855.json +++ b/2024/28xxx/CVE-2024-28855.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link, where he injected code which would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zitadel", + "product": { + "product_data": [ + { + "product_name": "zitadel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.41.15" + }, + { + "version_affected": "=", + "version_value": ">= 2.42.0, < 2.42.15" + }, + { + "version_affected": "=", + "version_value": ">= 2.43.0, < 2.43.9" + }, + { + "version_affected": "=", + "version_value": ">= 2.44.0, < 2.44.3" + }, + { + "version_affected": "=", + "version_value": "= 2.45.0" + }, + { + "version_affected": "=", + "version_value": "= 2.46.0" + }, + { + "version_affected": "=", + "version_value": ">= 2.47.0, < 2.47.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.41.15", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.41.15" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.42.15", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.42.15" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.43.9", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.43.9" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.44.3", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.44.3" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.1", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.45.1" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.1", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.46.1" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.3", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.47.3" + } + ] + }, + "source": { + "advisory": "GHSA-hfrg-4jwr-jfpj", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28864.json b/2024/28xxx/CVE-2024-28864.json index dab50f5ae4a..7f9165d6f66 100644 --- a/2024/28xxx/CVE-2024-28864.json +++ b/2024/28xxx/CVE-2024-28864.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IlicMiljan", + "product": { + "product_data": [ + { + "product_name": "Secure-Props", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.2.0, < 1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/IlicMiljan/Secure-Props/security/advisories/GHSA-rj29-j2g4-77q8", + "refsource": "MISC", + "name": "https://github.com/IlicMiljan/Secure-Props/security/advisories/GHSA-rj29-j2g4-77q8" + }, + { + "url": "https://github.com/IlicMiljan/Secure-Props/issues/20", + "refsource": "MISC", + "name": "https://github.com/IlicMiljan/Secure-Props/issues/20" + }, + { + "url": "https://github.com/IlicMiljan/Secure-Props/pull/21", + "refsource": "MISC", + "name": "https://github.com/IlicMiljan/Secure-Props/pull/21" + }, + { + "url": "https://github.com/IlicMiljan/Secure-Props/commit/ab7b561040cd37fda3dbf9a6cab01fefcaa16627", + "refsource": "MISC", + "name": "https://github.com/IlicMiljan/Secure-Props/commit/ab7b561040cd37fda3dbf9a6cab01fefcaa16627" + } + ] + }, + "source": { + "advisory": "GHSA-rj29-j2g4-77q8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.6, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28865.json b/2024/28xxx/CVE-2024-28865.json index 07a90b71ec5..e65938dc055 100644 --- a/2024/28xxx/CVE-2024-28865.json +++ b/2024/28xxx/CVE-2024-28865.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "django-wiki", + "product": { + "product_data": [ + { + "product_name": "django-wiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h", + "refsource": "MISC", + "name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h" + }, + { + "url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c", + "refsource": "MISC", + "name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c" + } + ] + }, + "source": { + "advisory": "GHSA-wj85-w4f4-xh8h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2584.json b/2024/2xxx/CVE-2024-2584.json index 73cecfc577a..79062686800 100644 --- a/2024/2xxx/CVE-2024-2584.json +++ b/2024/2xxx/CVE-2024-2584.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2584", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2585.json b/2024/2xxx/CVE-2024-2585.json index f6a60e4afc6..623cfd24ee5 100644 --- a/2024/2xxx/CVE-2024-2585.json +++ b/2024/2xxx/CVE-2024-2585.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2585", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2586.json b/2024/2xxx/CVE-2024-2586.json index 1dbd0844aad..4ec237804ce 100644 --- a/2024/2xxx/CVE-2024-2586.json +++ b/2024/2xxx/CVE-2024-2586.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2586", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2587.json b/2024/2xxx/CVE-2024-2587.json index 7823791302c..37347243e62 100644 --- a/2024/2xxx/CVE-2024-2587.json +++ b/2024/2xxx/CVE-2024-2587.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2587", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2588.json b/2024/2xxx/CVE-2024-2588.json index aa5410c4f87..7c0942bcdad 100644 --- a/2024/2xxx/CVE-2024-2588.json +++ b/2024/2xxx/CVE-2024-2588.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2588", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id'\u00a0parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2589.json b/2024/2xxx/CVE-2024-2589.json index 66c04b4b492..d925ec30c73 100644 --- a/2024/2xxx/CVE-2024-2589.json +++ b/2024/2xxx/CVE-2024-2589.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2589", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2590.json b/2024/2xxx/CVE-2024-2590.json index de389a2e31a..2f911fe27c3 100644 --- a/2024/2xxx/CVE-2024-2590.json +++ b/2024/2xxx/CVE-2024-2590.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2590", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the\u00a0'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2591.json b/2024/2xxx/CVE-2024-2591.json index a7e34f53cca..1ab0c3225b7 100644 --- a/2024/2xxx/CVE-2024-2591.json +++ b/2024/2xxx/CVE-2024-2591.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2591", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2592.json b/2024/2xxx/CVE-2024-2592.json index af5d4e3e207..956dc8a383e 100644 --- a/2024/2xxx/CVE-2024-2592.json +++ b/2024/2xxx/CVE-2024-2592.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2592", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2593.json b/2024/2xxx/CVE-2024-2593.json index 21fbaf3aa21..74ba61bfad6 100644 --- a/2024/2xxx/CVE-2024-2593.json +++ b/2024/2xxx/CVE-2024-2593.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2593", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2594.json b/2024/2xxx/CVE-2024-2594.json index 9a2cdf84438..876bc440012 100644 --- a/2024/2xxx/CVE-2024-2594.json +++ b/2024/2xxx/CVE-2024-2594.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2594", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2595.json b/2024/2xxx/CVE-2024-2595.json index 94712b1a833..1456a850c9f 100644 --- a/2024/2xxx/CVE-2024-2595.json +++ b/2024/2xxx/CVE-2024-2595.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2595", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2596.json b/2024/2xxx/CVE-2024-2596.json index 85e032d2104..1bcfc3084e3 100644 --- a/2024/2xxx/CVE-2024-2596.json +++ b/2024/2xxx/CVE-2024-2596.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2596", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/mail/main/select_send.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2597.json b/2024/2xxx/CVE-2024-2597.json index e7eb5a8c752..c6077f2a28c 100644 --- a/2024/2xxx/CVE-2024-2597.json +++ b/2024/2xxx/CVE-2024-2597.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2597", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2598.json b/2024/2xxx/CVE-2024-2598.json index 001650f5e9a..e533d46b3f2 100644 --- a/2024/2xxx/CVE-2024-2598.json +++ b/2024/2xxx/CVE-2024-2598.json @@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2598", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/select_send_2.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Amssplus", - "product": { - "product_data": [ - { - "product_name": "AMSS++", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.31" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2604.json b/2024/2xxx/CVE-2024-2604.json index ee27c20134f..bf2f8b5e207 100644 --- a/2024/2xxx/CVE-2024-2604.json +++ b/2024/2xxx/CVE-2024-2604.json @@ -76,14 +76,6 @@ ] }, "credits": [ - { - "lang": "en", - "value": "Joshua Lictan" - }, - { - "lang": "en", - "value": "nochizplz (VulDB User)" - }, { "lang": "en", "value": "nochizplz (VulDB User)"