From 64eadd14ce149914e7170198c56d9c364b0e9821 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 10 Apr 2024 19:07:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/0xxx/CVE-2022-0001.json | 5 ++ 2023/48xxx/CVE-2023-48724.json | 5 ++ 2023/49xxx/CVE-2023-49074.json | 5 ++ 2023/49xxx/CVE-2023-49133.json | 5 ++ 2023/49xxx/CVE-2023-49134.json | 5 ++ 2023/49xxx/CVE-2023-49906.json | 5 ++ 2023/49xxx/CVE-2023-49907.json | 5 ++ 2023/49xxx/CVE-2023-49908.json | 5 ++ 2023/49xxx/CVE-2023-49909.json | 5 ++ 2023/49xxx/CVE-2023-49910.json | 5 ++ 2023/49xxx/CVE-2023-49911.json | 5 ++ 2023/49xxx/CVE-2023-49912.json | 5 ++ 2023/49xxx/CVE-2023-49913.json | 5 ++ 2023/50xxx/CVE-2023-50347.json | 77 +++++++++++++++++++-- 2023/5xxx/CVE-2023-5685.json | 14 ++-- 2023/6xxx/CVE-2023-6486.json | 85 +++++++++++++++++++++-- 2023/6xxx/CVE-2023-6777.json | 79 ++++++++++++++++++++-- 2023/6xxx/CVE-2023-6799.json | 75 +++++++++++++++++++-- 2023/6xxx/CVE-2023-6964.json | 75 +++++++++++++++++++-- 2023/6xxx/CVE-2023-6965.json | 90 +++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6967.json | 90 +++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6993.json | 75 +++++++++++++++++++-- 2023/6xxx/CVE-2023-6999.json | 90 +++++++++++++++++++++++-- 2023/7xxx/CVE-2023-7046.json | 75 +++++++++++++++++++-- 2024/0xxx/CVE-2024-0376.json | 75 +++++++++++++++++++-- 2024/0xxx/CVE-2024-0588.json | 75 +++++++++++++++++++-- 2024/0xxx/CVE-2024-0598.json | 80 ++++++++++++++++++++-- 2024/0xxx/CVE-2024-0626.json | 80 ++++++++++++++++++++-- 2024/0xxx/CVE-2024-0662.json | 75 +++++++++++++++++++-- 2024/22xxx/CVE-2024-22423.json | 101 +++++++++++++++++++++++++-- 2024/24xxx/CVE-2024-24245.json | 56 +++++++++++++-- 2024/24xxx/CVE-2024-24576.json | 120 +++++++++++++++++++++++++++++++-- 2024/25xxx/CVE-2024-25115.json | 94 ++++++++++++++++++++++++-- 2024/25xxx/CVE-2024-25116.json | 85 +++++++++++++++++++++-- 2024/26xxx/CVE-2024-26234.json | 2 +- 2024/2xxx/CVE-2024-2918.json | 60 +++++++++++++++-- 2024/30xxx/CVE-2024-30702.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30703.json | 56 +++++++++++++-- 
2024/30xxx/CVE-2024-30704.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30706.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30712.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30713.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30715.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30716.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30718.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30719.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30721.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30722.json | 56 +++++++++++++-- 2024/30xxx/CVE-2024-30723.json | 56 +++++++++++++-- 2024/31xxx/CVE-2024-31230.json | 113 +++++++++++++++++++++++++++++-- 2024/31xxx/CVE-2024-31242.json | 113 +++++++++++++++++++++++++++++-- 2024/31xxx/CVE-2024-31457.json | 86 +++++++++++++++++++++-- 2024/31xxx/CVE-2024-31943.json | 113 +++++++++++++++++++++++++++++-- 2024/31xxx/CVE-2024-31944.json | 113 +++++++++++++++++++++++++++++-- 2024/32xxx/CVE-2024-32017.json | 18 +++++ 2024/32xxx/CVE-2024-32018.json | 18 +++++ 2024/32xxx/CVE-2024-32019.json | 18 +++++ 2024/32xxx/CVE-2024-32020.json | 18 +++++ 2024/32xxx/CVE-2024-32021.json | 18 +++++ 2024/32xxx/CVE-2024-32022.json | 18 +++++ 2024/32xxx/CVE-2024-32023.json | 18 +++++ 2024/32xxx/CVE-2024-32024.json | 18 +++++ 2024/32xxx/CVE-2024-32025.json | 18 +++++ 2024/32xxx/CVE-2024-32026.json | 18 +++++ 2024/32xxx/CVE-2024-32027.json | 18 +++++ 2024/32xxx/CVE-2024-32028.json | 18 +++++ 2024/32xxx/CVE-2024-32029.json | 18 +++++ 2024/32xxx/CVE-2024-32030.json | 18 +++++ 2024/3xxx/CVE-2024-3281.json | 56 +++++++++++++-- 2024/3xxx/CVE-2024-3313.json | 111 ++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3517.json | 18 +++++ 2024/3xxx/CVE-2024-3521.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3522.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3523.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3524.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3531.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3532.json | 
100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3533.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3534.json | 100 +++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3543.json | 18 +++++ 2024/3xxx/CVE-2024-3544.json | 18 +++++ 2024/3xxx/CVE-2024-3545.json | 72 ++------------------ 2024/3xxx/CVE-2024-3556.json | 8 +-- 2024/3xxx/CVE-2024-3557.json | 18 +++++ 2024/3xxx/CVE-2024-3558.json | 18 +++++ 2024/3xxx/CVE-2024-3559.json | 18 +++++ 2024/3xxx/CVE-2024-3560.json | 18 +++++ 2024/3xxx/CVE-2024-3561.json | 18 +++++ 2024/3xxx/CVE-2024-3562.json | 18 +++++ 2024/3xxx/CVE-2024-3563.json | 18 +++++ 2024/3xxx/CVE-2024-3564.json | 18 +++++ 2024/3xxx/CVE-2024-3610.json | 18 +++++ 2024/3xxx/CVE-2024-3611.json | 18 +++++ 2024/3xxx/CVE-2024-3612.json | 18 +++++ 2024/3xxx/CVE-2024-3613.json | 18 +++++ 2024/3xxx/CVE-2024-3614.json | 18 +++++ 2024/3xxx/CVE-2024-3615.json | 18 +++++ 2024/3xxx/CVE-2024-3616.json | 18 +++++ 2024/3xxx/CVE-2024-3617.json | 18 +++++ 2024/3xxx/CVE-2024-3618.json | 18 +++++ 100 files changed, 4414 insertions(+), 304 deletions(-) create mode 100644 2024/32xxx/CVE-2024-32017.json create mode 100644 2024/32xxx/CVE-2024-32018.json create mode 100644 2024/32xxx/CVE-2024-32019.json create mode 100644 2024/32xxx/CVE-2024-32020.json create mode 100644 2024/32xxx/CVE-2024-32021.json create mode 100644 2024/32xxx/CVE-2024-32022.json create mode 100644 2024/32xxx/CVE-2024-32023.json create mode 100644 2024/32xxx/CVE-2024-32024.json create mode 100644 2024/32xxx/CVE-2024-32025.json create mode 100644 2024/32xxx/CVE-2024-32026.json create mode 100644 2024/32xxx/CVE-2024-32027.json create mode 100644 2024/32xxx/CVE-2024-32028.json create mode 100644 2024/32xxx/CVE-2024-32029.json create mode 100644 2024/32xxx/CVE-2024-32030.json create mode 100644 2024/3xxx/CVE-2024-3517.json create mode 100644 2024/3xxx/CVE-2024-3543.json create mode 100644 2024/3xxx/CVE-2024-3544.json create mode 100644 2024/3xxx/CVE-2024-3557.json create mode 100644 
2024/3xxx/CVE-2024-3558.json create mode 100644 2024/3xxx/CVE-2024-3559.json create mode 100644 2024/3xxx/CVE-2024-3560.json create mode 100644 2024/3xxx/CVE-2024-3561.json create mode 100644 2024/3xxx/CVE-2024-3562.json create mode 100644 2024/3xxx/CVE-2024-3563.json create mode 100644 2024/3xxx/CVE-2024-3564.json create mode 100644 2024/3xxx/CVE-2024-3610.json create mode 100644 2024/3xxx/CVE-2024-3611.json create mode 100644 2024/3xxx/CVE-2024-3612.json create mode 100644 2024/3xxx/CVE-2024-3613.json create mode 100644 2024/3xxx/CVE-2024-3614.json create mode 100644 2024/3xxx/CVE-2024-3615.json create mode 100644 2024/3xxx/CVE-2024-3616.json create mode 100644 2024/3xxx/CVE-2024-3617.json create mode 100644 2024/3xxx/CVE-2024-3618.json diff --git a/2022/0xxx/CVE-2022-0001.json b/2022/0xxx/CVE-2022-0001.json index 91cf26ae474..d4f8faee358 100644 --- a/2022/0xxx/CVE-2022-0001.json +++ b/2022/0xxx/CVE-2022-0001.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220818-0004/", "url": "https://security.netapp.com/advisory/ntap-20220818-0004/" + }, + { + "refsource": "CERT-VN", + "name": "VU#155143", + "url": "https://www.kb.cert.org/vuls/id/155143" } ] }, diff --git a/2023/48xxx/CVE-2023-48724.json b/2023/48xxx/CVE-2023-48724.json index 317be2901d4..bd647635624 100644 --- a/2023/48xxx/CVE-2023-48724.json +++ b/2023/48xxx/CVE-2023-48724.json @@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1864" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864" } ] }, diff --git a/2023/49xxx/CVE-2023-49074.json b/2023/49xxx/CVE-2023-49074.json index 619f34acf2c..ecd5009eeba 100644 --- a/2023/49xxx/CVE-2023-49074.json 
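Review bot: The reference added to 2023/48xxx/CVE-2023-48724.json duplicates the entry already in `reference_data`, with the same TALOS-2023-1864 report and the same `"refsource": "MISC"`, differing only in the `www.` host prefix. Tools that de-duplicate or count references by exact URL string will treat these as two independent sources. Keeping a single canonical form, for example only `"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1864"`, would avoid that. The hunks for CVE-2023-49074, CVE-2023-49133, CVE-2023-49134 and CVE-2023-49906 through CVE-2023-49913 add the same kind of duplicate.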
+++ b/2023/49xxx/CVE-2023-49074.json @@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1861", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1861" } ] }, diff --git a/2023/49xxx/CVE-2023-49133.json b/2023/49xxx/CVE-2023-49133.json index e13862474a0..63a74672bce 100644 --- a/2023/49xxx/CVE-2023-49133.json +++ b/2023/49xxx/CVE-2023-49133.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862" } ] }, diff --git a/2023/49xxx/CVE-2023-49134.json b/2023/49xxx/CVE-2023-49134.json index 75406d3b9b4..7703a73d246 100644 --- a/2023/49xxx/CVE-2023-49134.json +++ b/2023/49xxx/CVE-2023-49134.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1862" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1862" } ] }, diff --git a/2023/49xxx/CVE-2023-49906.json b/2023/49xxx/CVE-2023-49906.json index cd72e16ea57..60502acd52c 100644 --- a/2023/49xxx/CVE-2023-49906.json +++ b/2023/49xxx/CVE-2023-49906.json 
@@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49907.json b/2023/49xxx/CVE-2023-49907.json index 7b22b135223..62a031f3a98 100644 --- a/2023/49xxx/CVE-2023-49907.json +++ b/2023/49xxx/CVE-2023-49907.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49908.json b/2023/49xxx/CVE-2023-49908.json index d1dee04e732..834a625ba03 100644 --- a/2023/49xxx/CVE-2023-49908.json +++ b/2023/49xxx/CVE-2023-49908.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49909.json b/2023/49xxx/CVE-2023-49909.json index d56147a7b1e..05cc2042ad6 100644 --- a/2023/49xxx/CVE-2023-49909.json +++ b/2023/49xxx/CVE-2023-49909.json 
@@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49910.json b/2023/49xxx/CVE-2023-49910.json index 9c0ec4d8c73..6478e9f6f72 100644 --- a/2023/49xxx/CVE-2023-49910.json +++ b/2023/49xxx/CVE-2023-49910.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49911.json b/2023/49xxx/CVE-2023-49911.json index b2eb61ef4d6..73a24bf22cb 100644 --- a/2023/49xxx/CVE-2023-49911.json +++ b/2023/49xxx/CVE-2023-49911.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49912.json b/2023/49xxx/CVE-2023-49912.json index 3bf6a5bdd94..dbdce679e04 100644 --- a/2023/49xxx/CVE-2023-49912.json +++ b/2023/49xxx/CVE-2023-49912.json 
@@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/49xxx/CVE-2023-49913.json b/2023/49xxx/CVE-2023-49913.json index 25d5d4422b1..b08338e7b91 100644 --- a/2023/49xxx/CVE-2023-49913.json +++ b/2023/49xxx/CVE-2023-49913.json @@ -69,6 +69,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1888" } ] }, diff --git a/2023/50xxx/CVE-2023-50347.json b/2023/50xxx/CVE-2023-50347.json index 9995962001b..f2bc74d14b5 100644 --- a/2023/50xxx/CVE-2023-50347.json +++ b/2023/50xxx/CVE-2023-50347.json 
@@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50347", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "DRYiCE MyXalytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.9, 6.0, 6.1, 6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112318", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112318" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + 
"version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5685.json b/2023/5xxx/CVE-2023-5685.json index e11b1aa78b7..a56bfc36152 100644 --- a/2023/5xxx/CVE-2023-5685.json +++ b/2023/5xxx/CVE-2023-5685.json @@ -75,7 +75,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] @@ -88,7 +88,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] @@ -101,7 +101,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] @@ -114,7 +114,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] @@ -127,7 +127,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "unaffected" } } ] @@ -218,7 +218,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] @@ -231,7 +231,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] diff --git a/2023/6xxx/CVE-2023-6486.json b/2023/6xxx/CVE-2023-6486.json index 7de689f7e84..2401dda6b7c 100644 --- a/2023/6xxx/CVE-2023-6486.json +++ b/2023/6xxx/CVE-2023-6486.json 
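Review bot: In 2023/50xxx/CVE-2023-50347.json the new description says an attacker can run arbitrary SQL commands "including changing system configuration", yet the added CVSS block sets `"integrityImpact": "NONE"` with a 3.7 LOW base score, so the text and the vector disagree about integrity impact. Anyone triaging on the vector alone would under-rank this record, so the description or the metric should be reconciled with the CNA. The same hunk leaves `problemtype` at `"n/a"` rather than a CWE identifier. It also packs four releases into one string, `"version_value": "5.9, 6.0, 6.1, 6.2"` under `"version_affected": "="`, which exact-match version tooling is unlikely to resolve; one `version_data` entry per release would be matchable.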
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "brainstormforce", + "product": { + "product_data": [ + { + "product_name": "Spectra \u2013 WordPress Gutenberg Blocks", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.10.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4933a30-974f-487d-9444-b0ea1283a09c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4933a30-974f-487d-9444-b0ea1283a09c?source=cve" + }, + { + "url": "https://youtu.be/t5K745dBsT0", + "refsource": "MISC", + "name": "https://youtu.be/t5K745dBsT0" + }, + { + "url": "https://advisory.abay.sh/cve-2023-6486", + "refsource": "MISC", + "name": "https://advisory.abay.sh/cve-2023-6486" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3042670%40ultimate-addons-for-gutenberg%2Ftrunk&old=3037142%40ultimate-addons-for-gutenberg%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3042670%40ultimate-addons-for-gutenberg%2Ftrunk&old=3037142%40ultimate-addons-for-gutenberg%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Akbar Kustirama" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6777.json b/2023/6xxx/CVE-2023-6777.json index f9a96729c70..87e20201888 100644 --- a/2023/6xxx/CVE-2023-6777.json 
+++ b/2023/6xxx/CVE-2023-6777.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6777", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpgmaps", + "product": { + "product_data": [ + { + "product_name": "WP Go Maps (formerly WP Google Maps)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "9.0.34" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058300%40wp-google-maps&new=3058300%40wp-google-maps&sfp_email=&sfph_mail=#file673", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058300%40wp-google-maps&new=3058300%40wp-google-maps&sfp_email=&sfph_mail=#file673" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Hassan Khan Yusufzai" + }, + { + "lang": "en", + "value": "Danish Tariq" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6799.json b/2023/6xxx/CVE-2023-6799.json index 2e479fdd4df..a45886153e2 100644 --- a/2023/6xxx/CVE-2023-6799.json +++ b/2023/6xxx/CVE-2023-6799.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330 Use of Insufficiently Random Values" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "webfactory", + "product": { + "product_data": [ + { + "product_name": "WP Reset \u2013 Most Advanced WordPress Reset Tool", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.99" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68f41e88-ed36-4361-bddd-41495a540cd9?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68f41e88-ed36-4361-bddd-41495a540cd9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-reset/tags/1.99&old=3059287&new_path=/wp-reset/tags/2.0&new=3059287&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/changeset?old_path=/wp-reset/tags/1.99&old=3059287&new_path=/wp-reset/tags/2.0&new=3059287&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Justin Kennedy" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6964.json b/2023/6xxx/CVE-2023-6964.json index 15cb9784774..2139432e205 100644 --- a/2023/6xxx/CVE-2023-6964.json +++ b/2023/6xxx/CVE-2023-6964.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "britner", + "product": { + "product_data": [ + { + "product_name": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.1.26" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3019592%40kadence-blocks&old=2996625%40kadence-blocks&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3019592%40kadence-blocks&old=2996625%40kadence-blocks&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/6xxx/CVE-2023-6965.json b/2023/6xxx/CVE-2023-6965.json index 119473aa017..277be9b11b5 100644 --- a/2023/6xxx/CVE-2023-6965.json +++ b/2023/6xxx/CVE-2023-6965.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sc0ttkclark", + "product": { + "product_data": [ + { + "product_name": "Pods \u2013 Custom Content Types and Fields", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "2.7.31" + }, + { + "version_affected": "<", + "version_name": "2.8", + "version_value": "2.8.23.2" + }, + { + "version_affected": "<", + "version_name": "3", + "version_value": "3.0.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5d330cd-ad1f-451e-bf41-39cfeb296cf0?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5d330cd-ad1f-451e-bf41-39cfeb296cf0?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Nex Team" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6967.json b/2023/6xxx/CVE-2023-6967.json index 20d5c6d195c..1860f5afea0 100644 --- a/2023/6xxx/CVE-2023-6967.json +++ b/2023/6xxx/CVE-2023-6967.json 
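Review bot: The `version_data` added in 2023/6xxx/CVE-2023-6965.json does not agree with its own description. The text gives an upper bound of 3.0.10 with exceptions 2.7.31.2, 2.8.23.2 and 2.9.19.2, while the structured ranges are `< 2.7.31`, `2.8 < 2.8.23.2` and `3 < 3.0.10.2`, with no entry for a 2.9 branch. A scanner matching on the structured ranges would appear to treat 2.7.31 and 2.7.31.1 as fixed and would have nothing to match 2.9.x against, so the ranges or the prose need correcting at the source. The description also explains a CWE-862 Missing Authorization issue by "a file inclusion feature via shortcode", which reads as a mismatch worth confirming. The following hunk for 2023/6xxx/CVE-2023-6967.json carries the same three ranges and the same exception list.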
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6967", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sc0ttkclark", + "product": { + "product_data": [ + { + "product_name": "Pods \u2013 Custom Content Types and Fields", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "2.7.31" + }, + { + "version_affected": "<", + "version_name": "2.8", + "version_value": "2.8.23.2" + }, + { + "version_affected": "<", + "version_name": "3", + "version_value": "3.0.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7d0c2-27ec-47ad-8baa-c281c273078e?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7d0c2-27ec-47ad-8baa-c281c273078e?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Nex Team" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/6xxx/CVE-2023-6993.json b/2023/6xxx/CVE-2023-6993.json index a4e0e907697..9b8756afc8f 100644 
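Review bot: The `version_data` ranges in this CVE-2023-6967 record do not line up with the fixed releases named in its own description: the text exempts 2.7.31.2, 2.8.23.2 and 2.9.19.2 and covers everything up to 3.0.10, while the structured entries stop the `*` range at `"version_value": "2.7.31"` and carry no entry for the 2.9 branch. A scanner that matches on `version_data` alone would treat 2.7.31 and 2.7.31.1 as unaffected, and has no explicit bound to apply to 2.9.x releases below 2.9.19.2. Which side is right cannot be told from this page; if the description is, the first bound would read `"version_value": "2.7.31.2"` and a `"version_name": "2.9"` entry with `"version_value": "2.9.19.2"` is missing. The same three entries appear in the CVE-2023-6999 hunk further down and in the Pods record whose hunk ends just above this one.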
--- a/2023/6xxx/CVE-2023-6993.json +++ b/2023/6xxx/CVE-2023-6993.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "totalpressorg", + "product": { + "product_data": [ + { + "product_name": "Custom post types, Custom Fields & more", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2b1449a9-6c89-4dec-8107-86cf8a295025?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2b1449a9-6c89-4dec-8107-86cf8a295025?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3063871%40custom-post-types&new=3063871%40custom-post-types&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3063871%40custom-post-types&new=3063871%40custom-post-types&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6999.json b/2023/6xxx/CVE-2023-6999.json index 07f9c611ccf..9437e9498b5 100644 --- a/2023/6xxx/CVE-2023-6999.json +++ b/2023/6xxx/CVE-2023-6999.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sc0ttkclark", + "product": { + "product_data": [ + { + "product_name": "Pods \u2013 Custom Content Types and Fields", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "2.7.31" + }, + { + "version_affected": "<", + "version_name": "2.8", + "version_value": "2.8.23.2" + }, + { + "version_affected": "<", + "version_name": "3", + "version_value": "3.0.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=cve" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Nex Team" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/7xxx/CVE-2023-7046.json b/2023/7xxx/CVE-2023-7046.json index a0344d2aef2..843f1fd65fa 100644 --- a/2023/7xxx/CVE-2023-7046.json +++ b/2023/7xxx/CVE-2023-7046.json 
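Review bot: The description string in this CVE-2023-6999 record spells the weakness as `Remote Code Exxecution`, so a text search or triage rule keyed on the usual spelling will miss the entry; the value should read `vulnerable to Remote Code Execution via shortcode`. The problemtype is `CWE-77` (command injection) while the text only says that code can be executed on the server. If the flaw is code injection rather than OS-command injection, CWE-94 would be the closer class, though the page does not show enough to decide.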
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gowebsmarty", + "product": { + "product_data": [ + { + "product_name": "WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3066915%40wp-letsencrypt-ssl&new=3066915%40wp-letsencrypt-ssl&sfp_email=&sfph_mail=", 
+ "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3066915%40wp-letsencrypt-ssl&new=3066915%40wp-letsencrypt-ssl&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/0xxx/CVE-2024-0376.json b/2024/0xxx/CVE-2024-0376.json index f880690427a..e0426259265 100644 --- a/2024/0xxx/CVE-2024-0376.json +++ b/2024/0xxx/CVE-2024-0376.json 
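Review bot: The product is named two different ways inside this CVE-2023-7046 record: the description ends the plugin name with `SSL Score`, while `product_name` ends it with `Security+`. Tools that correlate the free text with the structured product entry, or with an inventory keyed on the plugin's display name, can fail to join the two, so one spelling should be used in both fields. The description also gives `7.0` as the last affected version without naming a fixed release. Because the exposed material is TLS private keys, an advisory built from this record should tell operators to treat deployed keys as disclosed and reissue certificates, not only update the plugin.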
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "leap13", + "product": { + "product_data": [ + { + "product_name": "Premium Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.10.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0588.json b/2024/0xxx/CVE-2024-0588.json index a438f89814b..bfa94a28e20 100644 --- a/2024/0xxx/CVE-2024-0588.json +++ b/2024/0xxx/CVE-2024-0588.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "strangerstudios", + "product": { + "product_data": [ + { + "product_name": "Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.12.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Kodai Kubono" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0598.json b/2024/0xxx/CVE-2024-0598.json index 34652183f8f..343d57b8bcc 100644 --- a/2024/0xxx/CVE-2024-0598.json +++ b/2024/0xxx/CVE-2024-0598.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "britner", + "product": { + "product_data": [ + { + "product_name": "Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve" + }, + { + "url": "https://advisory.abay.sh/cve-2024-0598", + "refsource": "MISC", + "name": "https://advisory.abay.sh/cve-2024-0598" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Akbar Kustirama" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0626.json b/2024/0xxx/CVE-2024-0626.json index 252e6fa80ca..ec1f9354cca 100644 --- a/2024/0xxx/CVE-2024-0626.json +++ b/2024/0xxx/CVE-2024-0626.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "elbanyaoui", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Clover Payment Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-clover-gateway-by-zaytech/trunk/zaytech-woo-commerce-clover-integration.php?rev=2998654#L218", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/woo-clover-gateway-by-zaytech/trunk/zaytech-woo-commerce-clover-integration.php?rev=2998654#L218" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055678%40woo-clover-gateway-by-zaytech%2Ftrunk&old=2998658%40woo-clover-gateway-by-zaytech%2Ftrunk&sfp_email=&sfph_mail=#file3", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055678%40woo-clover-gateway-by-zaytech%2Ftrunk&old=2998658%40woo-clover-gateway-by-zaytech%2Ftrunk&sfp_email=&sfph_mail=#file3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0662.json b/2024/0xxx/CVE-2024-0662.json index 9892785eff8..81798131499 100644 --- a/2024/0xxx/CVE-2024-0662.json +++ b/2024/0xxx/CVE-2024-0662.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "colorlibplugins", + "product": { + "product_data": [ + { + "product_name": "FancyBox for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.0.2", + "version_value": "3.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058912%40fancybox-for-wordpress&new=3058912%40fancybox-for-wordpress&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058912%40fancybox-for-wordpress&new=3058912%40fancybox-for-wordpress&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Sh" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/22xxx/CVE-2024-22423.json b/2024/22xxx/CVE-2024-22423.json index 7714d351aeb..5a94a93e01a 100644 --- a/2024/22xxx/CVE-2024-22423.json +++ b/2024/22xxx/CVE-2024-22423.json 
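Review bot: The single `version_data` entry in this CVE-2024-0662 record encodes a closed range in a way the neighbouring records do not: `"version_affected": "<="` with `"version_name": "3.0.2"` and `"version_value": "3.3.3"`, whereas the other Wordfence records in this commit use `version_name` for `*` or a branch label. A consumer that reads only `version_affected` and `version_value` will flag every release up to 3.3.3, including those before 3.0.2 that the description excludes. If the lower bound is meant to live in `version_name`, parsers of these records need to honour it; otherwise the affected set is over-reported.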
@@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `\"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yt-dlp", + "product": { + "product_data": [ + { + "product_name": "yt-dlp", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2021.04.11, < 2024.04.09" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09" + } + ] + }, + "source": { + "advisory": "GHSA-hjq6-52gw-2g7p", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + 
"baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/24xxx/CVE-2024-24245.json b/2024/24xxx/CVE-2024-24245.json index 997d83b24b7..c6c78c0cd59 100644 --- a/2024/24xxx/CVE-2024-24245.json +++ b/2024/24xxx/CVE-2024-24245.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24245", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24245", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.clamxav.com/version-history/", + "url": "https://www.clamxav.com/version-history/" } ] } diff --git a/2024/24xxx/CVE-2024-24576.json b/2024/24xxx/CVE-2024-24576.json index dc712db93c2..e5ffbf55118 100644 --- a/2024/24xxx/CVE-2024-24576.json 
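Review bot: `"baseScore": 8.4` in the CVE-2024-22423 impact block does not appear to match its own `vectorString`: evaluating `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H` with the CVSS 3.1 base equations gives 8.3 by my calculation. Consumers that trust the stored number and consumers that recompute from the vector will rank this record differently, so one of the two should be corrected, most likely to `"baseScore": 8.3`. Separately, the affected range is packed into one string, `"version_value": ">= 2021.04.11, < 2024.04.09"`, under `"version_affected": "="`, which a comparator-based matcher will read as an exact match against that literal text.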
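Review bot: Every structured field in the new CVE-2024-24245 record is a placeholder (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a problemtype of `n/a`), while the description names the vendor, the product ClamXAV, and the range v3.1.2 through v3.6.1 with the fix in 3.6.2. Anything that matches on `affects` rather than parsing prose will never associate this entry with an installed ClamXAV. The description also writes the fixed release as `v.3.6.2`, which differs from the `v3.6.1` form used a few words earlier and can trip pattern-based version extraction.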
+++ b/2024/24xxx/CVE-2024-24576.json 
@@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.\n\nThe `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.\n\nOn Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.\n\nOne exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. 
That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.\n\nDue to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an [`InvalidInput`][4] error when it cannot safely escape an argument. This error will be emitted when spawning the process.\n\nThe fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + "cweId": "CWE-88" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rust-lang", + "product": { + "product_data": [ + { + "product_name": "rust", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.77.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh", + "refsource": "MISC", + "name": "https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh" + }, + { + "url": 
"https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput", + "refsource": "MISC", + "name": "https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput" + }, + { + "url": "https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg", + "refsource": "MISC", + "name": "https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg" + }, + { + "url": "https://doc.rust-lang.org/std/process/struct.Command.html", + "refsource": "MISC", + "name": "https://doc.rust-lang.org/std/process/struct.Command.html" + }, + { + "url": "https://doc.rust-lang.org/std/process/struct.Command.html#method.arg", + "refsource": "MISC", + "name": "https://doc.rust-lang.org/std/process/struct.Command.html#method.arg" + }, + { + "url": "https://doc.rust-lang.org/std/process/struct.Command.html#method.args", + "refsource": "MISC", + "name": "https://doc.rust-lang.org/std/process/struct.Command.html#method.args" + }, + { + "url": "https://github.com/rust-lang/rust/issues", + "refsource": "MISC", + "name": "https://github.com/rust-lang/rust/issues" + }, + { + "url": "https://www.rust-lang.org/policies/security", + "refsource": "MISC", + "name": "https://www.rust-lang.org/policies/security" + } + ] + }, + "source": { + "advisory": "GHSA-q455-m56c-85mh", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25115.json b/2024/25xxx/CVE-2024-25115.json index 65dc0aa3501..bab4f4cb5d3 100644 --- a/2024/25xxx/CVE-2024-25115.json +++ b/2024/25xxx/CVE-2024-25115.json 
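Review bot: In the CVE-2024-24576.json hunk, `version_data` pairs `"version_affected": "="` with `"version_value": "< 1.77.2"`, so the operator says "exactly equal" while the real bound is hidden inside the value string. A consumer that honours `version_affected` will compare against the literal string and match nothing. Put the bound in the operator instead: `"version_affected": "<"`, `"version_value": "1.77.2"`. The CVE-2024-25115 and CVE-2024-25116 hunks use the same `"="` plus range-string form (`">= 2.0.0, < 2.4.7"`, `">= 2.5.0, < 2.6.10"`). Separately, the 10.0 vector describes the worst case; the description limits exposure to programs that invoke batch files on Windows with untrusted arguments, which matters when triaging by score alone.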
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RedisBloom", + "product": { + "product_data": [ + { + "product_name": "RedisBloom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.4.7" + }, + { + "version_affected": "=", + "version_value": ">= 2.5.0, < 2.6.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5", + "refsource": "MISC", + "name": "https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5" + }, + { + "url": 
"https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad", + "refsource": "MISC", + "name": "https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad" + } + ] + }, + "source": { + "advisory": "GHSA-w583-p2wh-4vj5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25116.json b/2024/25xxx/CVE-2024-25116.json index 09fc28e45cb..e63c6ec3b95 100644 --- a/2024/25xxx/CVE-2024-25116.json +++ b/2024/25xxx/CVE-2024-25116.json 
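Review bot: In the CVE-2024-25115.json hunk the `impact.cvss` entry uses `"attackVector": "LOCAL"` (`AV:L/AC:H/PR:L`), while the description says authenticated users can send crafted `CF.LOADCHUNK` commands that "may lead to remote code execution". Nothing in the description restricts the command to a local client. If the command is reachable over an ordinary Redis connection, the vector should presumably be `AV:N`, which would also raise the base score; otherwise the description should state the local precondition. CVE-2024-25116 (`CF.RESERVE`, next hunk) carries the same `AV:L` assumption, and anyone filtering on network-reachable issues would skip both records as written.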
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RedisBloom", + "product": { + "product_data": [ + { + "product_name": "RedisBloom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.4.7" + }, + { + "version_affected": "=", + "version_value": ">= 2.5.0, < 2.6.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-wrwq-cfrx-pmg4", + "refsource": "MISC", + "name": "https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-wrwq-cfrx-pmg4" + }, + { + "url": "https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a880800a824f2a", + "refsource": "MISC", + "name": "https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a880800a824f2a" + } + ] + }, + "source": { + "advisory": 
"GHSA-wrwq-cfrx-pmg4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/26xxx/CVE-2024-26234.json b/2024/26xxx/CVE-2024-26234.json index c52f5acc862..7ee435ab8ec 100644 --- a/2024/26xxx/CVE-2024-26234.json +++ b/2024/26xxx/CVE-2024-26234.json @@ -344,7 +344,7 @@ "version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.7, - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C" } ] } diff --git a/2024/2xxx/CVE-2024-2918.json b/2024/2xxx/CVE-2024-2918.json index 3549154263d..c3a20a3568a 100644 --- a/2024/2xxx/CVE-2024-2918.json +++ b/2024/2xxx/CVE-2024-2918.json 
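Review bot: In the CVE-2024-26234.json hunk the only change is the temporal part of `vectorString`, `E:U` to `E:F` (exploit code maturity from Unproven to Functional), while `baseScore` 6.7 and `baseSeverity` stay as they are. That is correct for base metrics, but no temporal score field is visible in the hunk, so a consumer that reads only `baseScore` sees no difference after this commit. Consumers who prioritise on exploit maturity should parse the vector string itself. The rest of the `cvss` object lies outside the hunk, so a temporal field may exist there.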
@@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2024-0006", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2024-0006" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30702.json b/2024/30xxx/CVE-2024-30702.json index 93b35317cbe..128498e9bc0 100644 --- a/2024/30xxx/CVE-2024-30702.json +++ b/2024/30xxx/CVE-2024-30702.json 
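Review bot: In the CVE-2024-2918.json hunk the description says "Devolutions Server 2024.1.6 and earlier", but `version_data` declares `"version_affected": "<="` with `"version_value": "2024.1.10.0"`. The two bounds disagree, and which is right cannot be decided from the hunk; the referenced advisory DEVO-2024-0006 should settle it. Either a scanner using the structured field flags releases after 2024.1.6 up to 2024.1.10.0 that the text calls unaffected, or the text understates the range. `problemtype` is `"n/a"` although the description opens with "Improper input validation"; `"value": "CWE-20: Improper Input Validation"` with `"cweId": "CWE-20"` would match it. No `impact` block is added, so there is no CVSS data to triage on.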
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30702", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30702", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30702", + "url": "https://github.com/yashpatelphd/CVE-2024-30702" } ] } diff --git a/2024/30xxx/CVE-2024-30703.json b/2024/30xxx/CVE-2024-30703.json index c5c5bcf710b..17f4a3bb050 100644 --- a/2024/30xxx/CVE-2024-30703.json +++ b/2024/30xxx/CVE-2024-30703.json 
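Review bot: In the CVE-2024-30702.json hunk the description identifies what is affected only by a distribution name and two environment values (`ROS_VERSION 2`, `ROS_PYTHON_VERSION 3`), and the attack surface only as "packages or nodes within the ROS2 system". No package, version bound or fixed release is given, and the single reference is a repository named after the CVE ID. As written, a defender has nothing to check an installation against and no patch target. I would ask for the affected package and version range plus an upstream issue or fix reference, and treat the stated impact as unconfirmed until then. The hunks for CVE-2024-30703 through CVE-2024-30723 follow the same template and have the same gap.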
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30703", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30703", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability has been discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30703", + "url": "https://github.com/yashpatelphd/CVE-2024-30703" } ] } diff --git a/2024/30xxx/CVE-2024-30704.json b/2024/30xxx/CVE-2024-30704.json index 0d21ee48789..6db59a0d458 100644 --- a/2024/30xxx/CVE-2024-30704.json +++ b/2024/30xxx/CVE-2024-30704.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30704", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30704", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insecure deserialization vulnerability has been identified in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30704", + "url": "https://github.com/yashpatelphd/CVE-2024-30704" } ] } diff --git a/2024/30xxx/CVE-2024-30706.json b/2024/30xxx/CVE-2024-30706.json index ab0827fc993..498439c56c3 100644 --- a/2024/30xxx/CVE-2024-30706.json +++ b/2024/30xxx/CVE-2024-30706.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30706", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30706", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30706", + "url": "https://github.com/yashpatelphd/CVE-2024-30706" } ] } diff --git a/2024/30xxx/CVE-2024-30712.json b/2024/30xxx/CVE-2024-30712.json index ed9e52cd4ca..775b5c05878 100644 --- a/2024/30xxx/CVE-2024-30712.json +++ b/2024/30xxx/CVE-2024-30712.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30712", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30712", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30712", + "url": "https://github.com/yashpatelphd/CVE-2024-30712" } ] } diff --git a/2024/30xxx/CVE-2024-30713.json b/2024/30xxx/CVE-2024-30713.json index 9e2db3e40b5..08cf5904121 100644 --- a/2024/30xxx/CVE-2024-30713.json +++ b/2024/30xxx/CVE-2024-30713.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30713", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30713", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the External Command Execution Modules, System Call Handlers, and Interface Scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30713", + "url": "https://github.com/yashpatelphd/CVE-2024-30713" } ] } diff --git a/2024/30xxx/CVE-2024-30715.json b/2024/30xxx/CVE-2024-30715.json index 1da891f1de9..15ffb123e04 100644 --- a/2024/30xxx/CVE-2024-30715.json +++ b/2024/30xxx/CVE-2024-30715.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30715", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30715", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30715", + "url": "https://github.com/yashpatelphd/CVE-2024-30715" } ] } diff --git a/2024/30xxx/CVE-2024-30716.json b/2024/30xxx/CVE-2024-30716.json index 1ad5a6bd13a..140954878fa 100644 --- a/2024/30xxx/CVE-2024-30716.json +++ b/2024/30xxx/CVE-2024-30716.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30716", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30716", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attacks to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30716", + "url": "https://github.com/yashpatelphd/CVE-2024-30716" } ] } diff --git a/2024/30xxx/CVE-2024-30718.json b/2024/30xxx/CVE-2024-30718.json index 4bad04ee5cd..7780612a569 100644 --- a/2024/30xxx/CVE-2024-30718.json +++ b/2024/30xxx/CVE-2024-30718.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30718", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30718", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ROS_PYTHON_VERSION=3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30718", + "url": "https://github.com/yashpatelphd/CVE-2024-30718" } ] } diff --git a/2024/30xxx/CVE-2024-30719.json b/2024/30xxx/CVE-2024-30719.json index 89bd720113d..20ba3d517ee 100644 --- a/2024/30xxx/CVE-2024-30719.json +++ b/2024/30xxx/CVE-2024-30719.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30719", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30719", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insecure deserialization vulnerability has been identified in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30719", + "url": "https://github.com/yashpatelphd/CVE-2024-30719" } ] } diff --git a/2024/30xxx/CVE-2024-30721.json b/2024/30xxx/CVE-2024-30721.json index 9d8bc5c17c2..759c7d3fb56 100644 --- a/2024/30xxx/CVE-2024-30721.json +++ b/2024/30xxx/CVE-2024-30721.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30721", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30721", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30721", + "url": "https://github.com/yashpatelphd/CVE-2024-30721" } ] } diff --git a/2024/30xxx/CVE-2024-30722.json b/2024/30xxx/CVE-2024-30722.json index 3495063f359..aed336ba13d 100644 --- a/2024/30xxx/CVE-2024-30722.json +++ b/2024/30xxx/CVE-2024-30722.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30722", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30722", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS nodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30722", + "url": "https://github.com/yashpatelphd/CVE-2024-30722" } ] } diff --git a/2024/30xxx/CVE-2024-30723.json b/2024/30xxx/CVE-2024-30723.json index f1a7778b91d..35a9e533062 100644 --- a/2024/30xxx/CVE-2024-30723.json +++ b/2024/30xxx/CVE-2024-30723.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30723", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30723", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthorized node injection vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS nodes into the system due to insecure permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/yashpatelphd/CVE-2024-30723", + "url": "https://github.com/yashpatelphd/CVE-2024-30723" } ] } diff --git a/2024/31xxx/CVE-2024-31230.json b/2024/31xxx/CVE-2024-31230.json index 4d6b9040ad0..fa2c092c559 100644 --- a/2024/31xxx/CVE-2024-31230.json +++ b/2024/31xxx/CVE-2024-31230.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ShortPixel", + "product": { + "product_data": [ + { + "product_name": "ShortPixel Adaptive Images", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.8.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.8.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-2-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-2-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.8.3 or a higher version." + } + ], + "value": "Update to 3.8.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31242.json b/2024/31xxx/CVE-2024-31242.json index 5512d85f759..782721f0dbf 100644 --- a/2024/31xxx/CVE-2024-31242.json +++ b/2024/31xxx/CVE-2024-31242.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31242", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bricksforge", + "product": { + "product_data": [ + { + "product_name": "Bricksforge", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0.17", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-email-sending-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/bricksforge/wordpress-bricksforge-plugin-2-0-17-unauthenticated-arbitrary-email-sending-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1.1 or a higher version." + } + ], + "value": "Update to 2.1.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31457.json b/2024/31xxx/CVE-2024-31457.json index 9133eb3ee78..a36b7441cd6 100644 --- a/2024/31xxx/CVE-2024-31457.json +++ b/2024/31xxx/CVE-2024-31457.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "flipped-aurora", + "product": { + "product_data": [ + { + "product_name": "gin-vue-admin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.0.0-20240409100909-b1b7427c6ea6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4", + "refsource": "MISC", + "name": "https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4" + }, + { + "url": "https://github.com/flipped-aurora/gin-vue-admin/commit/b1b7427c6ea6c7a027fa188c6be557f3795e732b", + "refsource": "MISC", + "name": "https://github.com/flipped-aurora/gin-vue-admin/commit/b1b7427c6ea6c7a027fa188c6be557f3795e732b" + }, + { + "url": "https://pkg.go.dev/github.com/flipped-aurora/gin-vue-admin/server?tab=versions", + "refsource": "MISC", + "name": "https://pkg.go.dev/github.com/flipped-aurora/gin-vue-admin/server?tab=versions" + } + ] + }, + "source": { + "advisory": "GHSA-gv3w-m57p-3wc4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31943.json b/2024/31xxx/CVE-2024-31943.json index 260da447527..08003fa0fe3 100644 --- a/2024/31xxx/CVE-2024-31943.json +++ b/2024/31xxx/CVE-2024-31943.json 
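Review bot: The `version_data` entry for gin-vue-admin pairs `"version_affected": "="` with `"version_value": "< 0.0.0-20240409100909-b1b7427c6ea6"`, so the operator says "exactly this version" while the value string embeds a less-than range. A matcher that honours the operator will compare against a string that is not a version and match nothing. The entry should read `"version_affected": "<"` with `"version_value": "0.0.0-20240409100909-b1b7427c6ea6"`. Separately, `problemtype` lists only CWE-22 although the description states that arbitrary code can be inserted into generated Go files, so a second entry for code injection (CWE-94) would match the stated impact, and `"confidentialityImpact": "NONE"` looks low for that outcome; confirm against the linked advisory.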
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce \u2013 Live Rates.This issue affects USPS Shipping for WooCommerce \u2013 Live Rates: from n/a through 1.9.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Octolize", + "product": { + "product_data": [ + { + "product_name": "USPS Shipping for WooCommerce \u2013 Live Rates", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.9.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.9.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/flexible-shipping-usps/wordpress-usps-shipping-for-woocommerce-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.9.3 or a higher version." + } + ], + "value": "Update to 1.9.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31944.json b/2024/31xxx/CVE-2024-31944.json index 2e67a5d7f75..5bc625d4df3 100644 --- a/2024/31xxx/CVE-2024-31944.json +++ b/2024/31xxx/CVE-2024-31944.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping \u2013 Live Rates and Access Points.This issue affects WooCommerce UPS Shipping \u2013 Live Rates and Access Points: from n/a through 2.2.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Octolize", + "product": { + "product_data": [ + { + "product_name": "WooCommerce UPS Shipping \u2013 Live Rates and Access Points", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.5 ", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.2.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/flexible-shipping-ups/wordpress-woocommerce-ups-shipping-plugin-2-2-4-cross-site-request-forgery-csrf-leading-to-notice-dismissal-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/flexible-shipping-ups/wordpress-woocommerce-ups-shipping-plugin-2-2-4-cross-site-request-forgery-csrf-leading-to-notice-dismissal-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.5 or a higher version." + } + ], + "value": "Update to 2.2.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32017.json b/2024/32xxx/CVE-2024-32017.json new file mode 100644 index 00000000000..d6512ec93e9 --- /dev/null +++ b/2024/32xxx/CVE-2024-32017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32018.json b/2024/32xxx/CVE-2024-32018.json new file mode 100644 index 00000000000..4d5bb66664b --- /dev/null +++ b/2024/32xxx/CVE-2024-32018.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32019.json b/2024/32xxx/CVE-2024-32019.json new file mode 100644 index 00000000000..d0391ae5930 --- /dev/null +++ b/2024/32xxx/CVE-2024-32019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32020.json b/2024/32xxx/CVE-2024-32020.json new file mode 100644 index 00000000000..7a03c51b015 --- /dev/null +++ b/2024/32xxx/CVE-2024-32020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/32xxx/CVE-2024-32021.json b/2024/32xxx/CVE-2024-32021.json new file mode 100644 index 00000000000..982f211b981 --- /dev/null +++ b/2024/32xxx/CVE-2024-32021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32022.json b/2024/32xxx/CVE-2024-32022.json new file mode 100644 index 00000000000..a72aed7ef38 --- /dev/null +++ b/2024/32xxx/CVE-2024-32022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32023.json b/2024/32xxx/CVE-2024-32023.json new file mode 100644 index 00000000000..d72607e0fbb --- /dev/null +++ b/2024/32xxx/CVE-2024-32023.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32024.json b/2024/32xxx/CVE-2024-32024.json new file mode 100644 index 00000000000..83b8ea7eba6 --- /dev/null +++ b/2024/32xxx/CVE-2024-32024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32025.json b/2024/32xxx/CVE-2024-32025.json new file mode 100644 index 00000000000..0f7e2430c3d --- /dev/null +++ b/2024/32xxx/CVE-2024-32025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/32xxx/CVE-2024-32026.json b/2024/32xxx/CVE-2024-32026.json new file mode 100644 index 00000000000..13f3a648b0a --- /dev/null +++ b/2024/32xxx/CVE-2024-32026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32027.json b/2024/32xxx/CVE-2024-32027.json new file mode 100644 index 00000000000..865ff4b8be4 --- /dev/null +++ b/2024/32xxx/CVE-2024-32027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32028.json b/2024/32xxx/CVE-2024-32028.json new file mode 100644 index 00000000000..a143e756909 --- /dev/null +++ b/2024/32xxx/CVE-2024-32028.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32029.json b/2024/32xxx/CVE-2024-32029.json new file mode 100644 index 00000000000..8ffce10da5b --- /dev/null +++ b/2024/32xxx/CVE-2024-32029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32030.json b/2024/32xxx/CVE-2024-32030.json new file mode 100644 index 00000000000..d19d98a8ab9 --- /dev/null +++ b/2024/32xxx/CVE-2024-32030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/3xxx/CVE-2024-3281.json b/2024/3xxx/CVE-2024-3281.json index 0a0aa5850bb..5e54f5b9db0 100644 --- a/2024/3xxx/CVE-2024-3281.json +++ b/2024/3xxx/CVE-2024-3281.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3281", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "Poly CCX devices", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_10388650-10388701-16/hpsbpy03929", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_10388650-10388701-16/hpsbpy03929" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" } } \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3313.json b/2024/3xxx/CVE-2024-3313.json index dfe4ea67a0e..d11f679e521 100644 --- a/2024/3xxx/CVE-2024-3313.json +++ b/2024/3xxx/CVE-2024-3313.json 
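Review bot: The affected-version entry for Poly CCX devices uses `"version_affected": "="` with `"version_value": "See HP Security Bulletin reference for affected versions."`, which no automated matcher can evaluate. The description already states the bounds (firmware builds after 8.0.2.3267 and prior to 8.1.3.1301), so those two build numbers should be carried in `version_data` instead of a pointer to the bulletin. `problemtype` is `"n/a"` and the record has no `impact` block, so there is neither a CWE nor a CVSS score for prioritisation; both would have to come from the HP bulletin listed under `references`.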
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party \ncomponents used in PowerSYSTEM Server 2021 and Substation Server 2021.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1357", + "cweId": "CWE-1357" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SUBNET Solutions", + "product": { + "product_data": [ + { + "product_name": "PowerSYSTEM Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.07.00" + } + ] + } + }, + { + "product_name": "Substation Server 2021", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.07.00" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-100-01", + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous 
versions of PowerSYSTEM Server and \nSubstation Server 2021. Users are advised to update to version \n4.09.00.927 or newer. To obtain this software, contact Subnet Solution's Customer Service.\n\n
" + } + ], + "value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Server and \nSubstation Server 2021. Users are advised to update to version \n4.09.00.927 or newer. To obtain this software, contact Subnet Solution's Customer Service. https://subnet.com/contact/ \n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "SUBNET Solutions reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3517.json b/2024/3xxx/CVE-2024-3517.json new file mode 100644 index 00000000000..dece88ba22b --- /dev/null +++ b/2024/3xxx/CVE-2024-3517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3521.json b/2024/3xxx/CVE-2024-3521.json index 73cddb8e2fc..13f2d1a000b 100644 --- a/2024/3xxx/CVE-2024-3521.json +++ b/2024/3xxx/CVE-2024-3521.json 
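Review bot: The affected range and the remediation text in the CVE-2024-3313 record disagree: both products are listed with `"version_affected": "<", "version_value": "4.07.00"`, while `solution` tells users to update to version 4.09.00.927 or newer. A scanner keyed on `version_data` would report installs between those two versions as unaffected. The record alone does not show which number is right, so it should be checked against ICSA-24-100-01. The description names no component or weakness beyond "vulnerabilities in third-party components", which leaves the referenced advisory as the only source of detail. The `supportingMedia` copy of the solution also lacks the contact URL that the plain `value` carries.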
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Byzoro Smart S80 Management Platform bis 20240317 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /useratte/userattestation.php. Mittels Manipulieren des Arguments web_img mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Byzoro", + "product": { + "product_data": [ + { + "product_name": "Smart S80 Management Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240317" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259892", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259892" + }, + { + "url": "https://vuldb.com/?ctiid.259892", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259892" + }, + { + "url": "https://vuldb.com/?submit.308509", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.308509" + }, + { + "url": "https://github.com/garboa/cve_3/blob/main/Upload2.md", + "refsource": "MISC", + "name": "https://github.com/garboa/cve_3/blob/main/Upload2.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Guo Jiabao (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3522.json b/2024/3xxx/CVE-2024-3522.json index f54d2f0b507..8eab26d29c6 100644 --- a/2024/3xxx/CVE-2024-3522.json +++ b/2024/3xxx/CVE-2024-3522.json 
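Review bot: The structured range in the CVE-2024-3521 record is narrower than its prose: the description says "up to 20240317", but `version_data` has `"version_affected": "="` with `"version_value": "20240317"`, so a match on the structured field covers only that one build. `"version_affected": "<="` would agree with the description. The description also calls the issue critical while the CVSS 3.1 entry is 4.7 MEDIUM with PR:H. The same gap between wording and score appears in the CVE-2024-3522 and CVE-2024-3523 hunks (described as critical, scored 6.3 MEDIUM), so prioritisation should follow the vector rather than the text.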
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Online Event Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /api/process.php. Durch das Manipulieren des Arguments userId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Event Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259893", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259893" + }, + { + "url": "https://vuldb.com/?ctiid.259893", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259893" + }, + { + "url": "https://vuldb.com/?submit.312504", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312504" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Event%20Management%20System/Online%20Event%20Management%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Event%20Management%20System/Online%20Event%20Management%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3523.json b/2024/3xxx/CVE-2024-3523.json index 7fd4d6d6a0e..db343c88f72 100644 --- a/2024/3xxx/CVE-2024-3523.json +++ b/2024/3xxx/CVE-2024-3523.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Campcodes Online Event Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /views/index.php. Durch Manipulieren des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Event Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259894", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259894" + }, + { + "url": "https://vuldb.com/?ctiid.259894", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259894" + }, + { + "url": "https://vuldb.com/?submit.312505", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312505" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Event%20Management%20System/Online%20Event%20Management%20System%20-%20vuln%202.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Event%20Management%20System/Online%20Event%20Management%20System%20-%20vuln%202.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3524.json b/2024/3xxx/CVE-2024-3524.json index 5136ceecaf7..bd18d812358 100644 --- a/2024/3xxx/CVE-2024-3524.json +++ b/2024/3xxx/CVE-2024-3524.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Campcodes Online Event Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /views/process.php. Durch das Beeinflussen des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Event Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259895", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259895" + }, + { + "url": "https://vuldb.com/?ctiid.259895", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259895" + }, + { + "url": "https://vuldb.com/?submit.312506", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312506" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Event%20Management%20System/Online%20Event%20Management%20System%20-%20vuln%203.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Event%20Management%20System/Online%20Event%20Management%20System%20-%20vuln%203.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/3xxx/CVE-2024-3531.json b/2024/3xxx/CVE-2024-3531.json index 6732e2471a5..efacc0aae8e 100644 --- a/2024/3xxx/CVE-2024-3531.json +++ b/2024/3xxx/CVE-2024-3531.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259901 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Campcodes Complete Online Student Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei courses_view.php. Durch Manipulation des Arguments FirstRecord mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Online Student Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259901", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259901" + }, + { + "url": "https://vuldb.com/?ctiid.259901", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259901" + }, + { + "url": "https://vuldb.com/?submit.312522", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312522" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Student%20Management%20System/Complete%20Online%20Student%20Management%20System%20-%20vuln%204.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Student%20Management%20System/Complete%20Online%20Student%20Management%20System%20-%20vuln%204.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/3xxx/CVE-2024-3532.json b/2024/3xxx/CVE-2024-3532.json index 3d5edd06333..21b7f31c1e5 100644 --- a/2024/3xxx/CVE-2024-3532.json +++ b/2024/3xxx/CVE-2024-3532.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259902 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Campcodes Complete Online Student Management System 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei attendance_view.php. Mittels dem Manipulieren des Arguments FirstRecord mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Online Student Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259902", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259902" + }, + { + "url": "https://vuldb.com/?ctiid.259902", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259902" + }, + { + "url": "https://vuldb.com/?submit.312523", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312523" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Student%20Management%20System/Complete%20Online%20Student%20Management%20System%20-%20vuln%205.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Student%20Management%20System/Complete%20Online%20Student%20Management%20System%20-%20vuln%205.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/3xxx/CVE-2024-3533.json b/2024/3xxx/CVE-2024-3533.json index 162a8e53c87..db8341d584b 100644 --- a/2024/3xxx/CVE-2024-3533.json +++ b/2024/3xxx/CVE-2024-3533.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259903." + }, + { + "lang": "deu", + "value": "In Campcodes Complete Online Student Management System 1.0 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei academic_year_view.php. Mittels Manipulieren des Arguments FirstRecord mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Online Student Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259903", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259903" + }, + { + "url": "https://vuldb.com/?ctiid.259903", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259903" + }, + { + "url": "https://vuldb.com/?submit.312524", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312524" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Student%20Management%20System/Complete%20Online%20Student%20Management%20System%20-%20vuln%206.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Student%20Management%20System/Complete%20Online%20Student%20Management%20System%20-%20vuln%206.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/3xxx/CVE-2024-3534.json b/2024/3xxx/CVE-2024-3534.json index a7c2992c300..af625d70314 100644 --- a/2024/3xxx/CVE-2024-3534.json +++ b/2024/3xxx/CVE-2024-3534.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Campcodes Church Management System 1.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei login.php. Durch das Manipulieren des Arguments password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Church Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259904", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259904" + }, + { + "url": "https://vuldb.com/?ctiid.259904", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259904" + }, + { + "url": "https://vuldb.com/?submit.312535", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312535" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Church%20Management%20System/Church%20Management%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Church%20Management%20System/Church%20Management%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3543.json b/2024/3xxx/CVE-2024-3543.json new file mode 100644 index 00000000000..9704c72029b --- /dev/null +++ b/2024/3xxx/CVE-2024-3543.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3544.json b/2024/3xxx/CVE-2024-3544.json new file mode 100644 index 00000000000..f654d384e71 --- /dev/null +++ b/2024/3xxx/CVE-2024-3544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3545.json b/2024/3xxx/CVE-2024-3545.json index cb61eca65c1..f53e78873d1 100644 --- a/2024/3xxx/CVE-2024-3545.json +++ b/2024/3xxx/CVE-2024-3545.json 
@@ -1,82 +1,18 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3545",
- "ASSIGNER": "security@devolutions.net",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Devolutions",
- "product": {
- "product_data": [
- {
- "product_name": "Server",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "0",
- "version_value": "2024.1.8.0"
- }
- ]
- }
- },
- {
- "product_name": "Remote Desktop Manager",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "0",
- "version_value": "2024.1.20.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://devolutions.net/security/advisories/DEVO-2024-0006",
- "refsource": "MISC",
- "name": "https://devolutions.net/security/advisories/DEVO-2024-0006"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
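Review bot: The CVE-2024-3545 hunk replaces a record that was already `"STATE": "PUBLIC"` with the RESERVED placeholder, dropping the Devolutions description, both affected-version entries and the DEVO-2024-0006 advisory reference, and changing `ASSIGNER` from `security@devolutions.net` to `cve@mitre.org`. A published ID is not expected to return to RESERVED, so this looks like the synchronisation overwriting CNA-supplied data rather than a deliberate state change; that is inferred from the diff, not stated in the commit message. Scanners and feeds that mirror this file would stop matching Remote Desktop Manager `<= 2024.1.20.0` and Server `<= 2024.1.8.0` against this ID. I would leave the old side of the file in place (`"ASSIGNER": "security@devolutions.net"`, `"STATE": "PUBLIC"`) and have the sync step reject a PUBLIC-to-RESERVED transition unless it is explicitly confirmed.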
diff --git a/2024/3xxx/CVE-2024-3556.json b/2024/3xxx/CVE-2024-3556.json
index d28b2e19248..1aec9d75ea9 100644
--- a/2024/3xxx/CVE-2024-3556.json
+++ b/2024/3xxx/CVE-2024-3556.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3556",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Duplicate of CVE-2024-3557"
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3557.json b/2024/3xxx/CVE-2024-3557.json
new file mode 100644
index 00000000000..97dd15789ea
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3557.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3557",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3558.json b/2024/3xxx/CVE-2024-3558.json
new file mode 100644
index 00000000000..a87815abf6f
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3558.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3558",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3559.json b/2024/3xxx/CVE-2024-3559.json
new file mode 100644
index 00000000000..c9581d19a18
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3559.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3559",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3560.json b/2024/3xxx/CVE-2024-3560.json
new file mode 100644
index 00000000000..8d56e155e53
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3560.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3560",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3561.json b/2024/3xxx/CVE-2024-3561.json
new file mode 100644
index 00000000000..5facc344f99
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3561.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3561",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3562.json b/2024/3xxx/CVE-2024-3562.json
new file mode 100644
index 00000000000..ac7a49d2169
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3562.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3562",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3563.json b/2024/3xxx/CVE-2024-3563.json
new file mode 100644
index 00000000000..a3eabca2cc5
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3563.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3563",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3564.json b/2024/3xxx/CVE-2024-3564.json
new file mode 100644
index 00000000000..caf116d06c2
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3564.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3564",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3610.json b/2024/3xxx/CVE-2024-3610.json
new file mode 100644
index 00000000000..809ec6d5a16
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3611.json b/2024/3xxx/CVE-2024-3611.json
new file mode 100644
index 00000000000..c8dec7406c3
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3611.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3611",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3612.json b/2024/3xxx/CVE-2024-3612.json
new file mode 100644
index 00000000000..14b6402fa3f
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3612.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3612",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3613.json b/2024/3xxx/CVE-2024-3613.json
new file mode 100644
index 00000000000..6d73068ebae
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3614.json b/2024/3xxx/CVE-2024-3614.json
new file mode 100644
index 00000000000..6ae7c0e5a1d
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3614.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3614",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3615.json b/2024/3xxx/CVE-2024-3615.json
new file mode 100644
index 00000000000..268afff6db4
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3615.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3615",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3616.json b/2024/3xxx/CVE-2024-3616.json
new file mode 100644
index 00000000000..80128219ef1
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3616.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3616",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3617.json b/2024/3xxx/CVE-2024-3617.json
new file mode 100644
index 00000000000..b0366d0a8a3
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3617.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3617",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3618.json b/2024/3xxx/CVE-2024-3618.json
new file mode 100644
index 00000000000..79a91fb798a
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3618.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3618",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file