diff --git a/2024/11xxx/CVE-2024-11187.json b/2024/11xxx/CVE-2024-11187.json index eef94219ab0..e20972e2885 100644 --- a/2024/11xxx/CVE-2024-11187.json +++ b/2024/11xxx/CVE-2024-11187.json @@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-officer@isc.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-405 Asymmetric Resource Consumption (Amplification)", + "cweId": "CWE-405" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ISC", + "product": { + "product_data": [ + { + "product_name": "BIND 9", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "9.11.0", + "version_value": "9.11.37" + }, + { + "version_affected": "<=", + "version_name": "9.16.0", + "version_value": "9.16.50" + }, + { + "version_affected": "<=", + "version_name": "9.18.0", + "version_value": "9.18.32" + }, + { + "version_affected": "<=", + "version_name": "9.20.0", + "version_value": "9.20.4" + }, + { + "version_affected": "<=", + "version_name": "9.21.0", + "version_value": "9.21.3" + }, + { + "version_affected": "<=", + "version_name": "9.11.3-S1", + "version_value": "9.11.37-S1" + }, + { + "version_affected": "<=", + "version_name": "9.16.8-S1", + "version_value": "9.16.50-S1" + }, + { + "version_affected": "<=", + "version_name": "9.18.11-S1", + "version_value": "9.18.32-S1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kb.isc.org/docs/cve-2024-11187", + "refsource": "MISC", + "name": "https://kb.isc.org/docs/cve-2024-11187" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "value": "Setting option `minimal-responses yes;` provides an effective workaround." + } + ], + "exploit": [ + { + "lang": "en", + "value": "We are not aware of any active exploits." + } + ], + "solution": [ + { + "lang": "en", + "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1." + } + ], + "credits": [ + { + "lang": "en", + "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/12xxx/CVE-2024-12705.json b/2024/12xxx/CVE-2024-12705.json index 93bc693c8cf..ebbd0437ba6 100644 --- a/2024/12xxx/CVE-2024-12705.json +++ b/2024/12xxx/CVE-2024-12705.json @@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-officer@isc.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ISC", + "product": { + "product_data": [ + { + "product_name": "BIND 9", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "9.18.0", + "version_value": "9.18.32" + }, + { + "version_affected": "<=", + "version_name": "9.20.0", + "version_value": "9.20.4" + }, + { + "version_affected": "<=", + "version_name": "9.21.0", + "version_value": "9.21.3" + }, + { + "version_affected": "<=", + "version_name": "9.18.11-S1", + "version_value": "9.18.32-S1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kb.isc.org/docs/cve-2024-12705", + "refsource": "MISC", + "name": "https://kb.isc.org/docs/cve-2024-12705" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "value": "The issue affects only the DNS-over-HTTPS protocol and does not apply to instances where DoH is not enabled." + } + ], + "exploit": [ + { + "lang": "en", + "value": "We are not aware of any active exploits." + } + ], + "solution": [ + { + "lang": "en", + "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1." + } + ], + "credits": [ + { + "lang": "en", + "value": "ISC would like to thank Jean-Fran\u00e7ois Billaud for bringing this vulnerability to our attention." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/13xxx/CVE-2024-13794.json b/2024/13xxx/CVE-2024-13794.json new file mode 100644 index 00000000000..fd75e039f8c --- /dev/null +++ b/2024/13xxx/CVE-2024-13794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13795.json b/2024/13xxx/CVE-2024-13795.json new file mode 100644 index 00000000000..10436cc0f78 --- /dev/null +++ b/2024/13xxx/CVE-2024-13795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13796.json b/2024/13xxx/CVE-2024-13796.json new file mode 100644 index 00000000000..4f17c25b684 --- /dev/null +++ b/2024/13xxx/CVE-2024-13796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13797.json b/2024/13xxx/CVE-2024-13797.json new file mode 100644 index 00000000000..a619d775123 --- /dev/null +++ b/2024/13xxx/CVE-2024-13797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13798.json b/2024/13xxx/CVE-2024-13798.json new file mode 100644 index 00000000000..c37da0f25f8 --- /dev/null +++ b/2024/13xxx/CVE-2024-13798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23733.json b/2024/23xxx/CVE-2024-23733.json index 842a8fc1b35..a9210ff0a2d 100644 --- a/2024/23xxx/CVE-2024-23733.json +++ b/2024/23xxx/CVE-2024-23733.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-23733", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-23733", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ekcrsm/CVE-2024-23733/tree/main", + "url": "https://github.com/ekcrsm/CVE-2024-23733/tree/main" } ] } diff --git a/2024/40xxx/CVE-2024-40422.json b/2024/40xxx/CVE-2024-40422.json index 1868432aa8d..8c513053f45 100644 --- a/2024/40xxx/CVE-2024-40422.json +++ b/2024/40xxx/CVE-2024-40422.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/alpernae/CVE-2024-40422", "url": "https://github.com/alpernae/CVE-2024-40422" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@alpernae/uncovering-path-traversal-in-devika-v1-a-deep-dive-into-cve-2024-40422-f8ce81398b99", + "url": "https://medium.com/@alpernae/uncovering-path-traversal-in-devika-v1-a-deep-dive-into-cve-2024-40422-f8ce81398b99" } ] } diff --git a/2024/48xxx/CVE-2024-48761.json b/2024/48xxx/CVE-2024-48761.json index f3c25c9d6c5..e24963b9b4a 100644 --- a/2024/48xxx/CVE-2024-48761.json +++ b/2024/48xxx/CVE-2024-48761.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48761", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48761", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the \"erro\" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761", + "url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761" } ] } diff --git a/2024/51xxx/CVE-2024-51182.json b/2024/51xxx/CVE-2024-51182.json index d62cadae6ec..a2324118bac 100644 --- a/2024/51xxx/CVE-2024-51182.json +++ b/2024/51xxx/CVE-2024-51182.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51182", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51182", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the \"erro\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-51182", + "url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-51182" } ] } diff --git a/2024/54xxx/CVE-2024-54851.json b/2024/54xxx/CVE-2024-54851.json index 34e1936bc9d..36d463ea35c 100644 --- a/2024/54xxx/CVE-2024-54851.json +++ b/2024/54xxx/CVE-2024-54851.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54851", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54851", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54851/README.md", + "url": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54851/README.md" } ] } diff --git a/2024/54xxx/CVE-2024-54852.json b/2024/54xxx/CVE-2024-54852.json index e312e41765a..4a41fd505a8 100644 --- a/2024/54xxx/CVE-2024-54852.json +++ b/2024/54xxx/CVE-2024-54852.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54852", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54852", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md", + "url": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md" } ] } diff --git a/2024/57xxx/CVE-2024-57395.json b/2024/57xxx/CVE-2024-57395.json index 083b34916da..bc72dfe46fd 100644 --- a/2024/57xxx/CVE-2024-57395.json +++ b/2024/57xxx/CVE-2024-57395.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57395", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57395", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.hzzcka.com/", + "refsource": "MISC", + "name": "http://www.hzzcka.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/qtxz54/Vul/blob/main/WeakPasswd/Safety-production-process-management-system.md", + "url": "https://github.com/qtxz54/Vul/blob/main/WeakPasswd/Safety-production-process-management-system.md" } ] } diff --git a/2024/57xxx/CVE-2024-57509.json b/2024/57xxx/CVE-2024-57509.json index 718885bceff..7b30dc047df 100644 --- a/2024/57xxx/CVE-2024-57509.json +++ b/2024/57xxx/CVE-2024-57509.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57509", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57509", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/axiomatic-systems/Bento4/issues/989", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/989" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24", + "url": "https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24" } ] } diff --git a/2024/57xxx/CVE-2024-57510.json b/2024/57xxx/CVE-2024-57510.json index 1f11fdd8c78..24f0ba5b470 100644 --- a/2024/57xxx/CVE-2024-57510.json +++ b/2024/57xxx/CVE-2024-57510.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57510", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57510", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/axiomatic-systems/Bento4/issues/989", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/989" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24", + "url": "https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24" } ] } diff --git a/2024/57xxx/CVE-2024-57513.json b/2024/57xxx/CVE-2024-57513.json index a2773faae5a..7daeb27dcd5 100644 --- a/2024/57xxx/CVE-2024-57513.json +++ b/2024/57xxx/CVE-2024-57513.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57513", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57513", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/axiomatic-systems/Bento4/issues/990", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/990" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24", + "url": "https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24" } ] } diff --git a/2025/0xxx/CVE-2025-0842.json b/2025/0xxx/CVE-2025-0842.json index 37716c991a6..c14c943a542 100644 --- a/2025/0xxx/CVE-2025-0842.json +++ b/2025/0xxx/CVE-2025-0842.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in needyamin Library Card System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei admin.php der Komponente Login. Mit der Manipulation des Arguments email/password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "needyamin", + "product": { + "product_data": [ + { + "product_name": "Library Card System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.293999", + "refsource": "MISC", + "name": "https://vuldb.com/?id.293999" + }, + { + "url": "https://vuldb.com/?ctiid.293999", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.293999" + }, + { + "url": "https://vuldb.com/?submit.485540", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.485540" + }, + { + "url": "https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1", + "refsource": "MISC", + "name": "https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Maloy Roy Orko" + }, + { + "lang": "en", + "value": "MaloyRoyOrko (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/0xxx/CVE-2025-0851.json b/2025/0xxx/CVE-2025-0851.json index 83b54d9eeef..7d7435586c4 100644 --- a/2025/0xxx/CVE-2025-0851.json +++ b/2025/0xxx/CVE-2025-0851.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "aws-security@amazon.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-36: Absolute Path Traversal", + "cweId": "CWE-36" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AWS", + "product": { + "product_data": [ + { + "product_name": "DeepJavaLibrary", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.1.0", + "version_value": "0.31.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-003/", + "refsource": "MISC", + "name": "https://aws.amazon.com/security/security-bulletins/AWS-2025-003/" + }, + { + "url": "https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg", + "refsource": "MISC", + "name": "https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0859.json b/2025/0xxx/CVE-2025-0859.json new file mode 100644 index 00000000000..262ceaa2778 --- /dev/null +++ b/2025/0xxx/CVE-2025-0859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0860.json b/2025/0xxx/CVE-2025-0860.json new file mode 100644 index 00000000000..a2639e76897 --- /dev/null +++ b/2025/0xxx/CVE-2025-0860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0861.json b/2025/0xxx/CVE-2025-0861.json new file mode 100644 index 00000000000..9a861dbc2ce --- /dev/null +++ b/2025/0xxx/CVE-2025-0861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0862.json b/2025/0xxx/CVE-2025-0862.json new file mode 100644 index 00000000000..63b070b6fdc --- /dev/null +++ b/2025/0xxx/CVE-2025-0862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0863.json b/2025/0xxx/CVE-2025-0863.json new file mode 100644 index 00000000000..417e21fa084 --- /dev/null +++ b/2025/0xxx/CVE-2025-0863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0864.json b/2025/0xxx/CVE-2025-0864.json new file mode 100644 index 00000000000..28a80198d51 --- /dev/null +++ b/2025/0xxx/CVE-2025-0864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file