diff --git a/2024/0xxx/CVE-2024-0400.json b/2024/0xxx/CVE-2024-0400.json index fb030f4c613..3a7176ca0bb 100644 --- a/2024/0xxx/CVE-2024-0400.json +++ b/2024/0xxx/CVE-2024-0400.json @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", - "cweId": "CWE-94" + "value": "n/a" } ] } @@ -56,9 +55,9 @@ "references": { "reference_data": [ { - "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true", + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true", "refsource": "MISC", - "name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true" + "name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true" } ] }, diff --git a/2024/1xxx/CVE-2024-1753.json b/2024/1xxx/CVE-2024-1753.json index 56b2a89adc0..3f89467c725 100644 --- a/2024/1xxx/CVE-2024-1753.json +++ b/2024/1xxx/CVE-2024-1753.json @@ -209,6 +209,11 @@ "url": "https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3", "refsource": "MISC", "name": "https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH/" } ] }, diff --git a/2024/29xxx/CVE-2024-29892.json b/2024/29xxx/CVE-2024-29892.json index 54defa6f4ab..f643770d3da 100644 --- a/2024/29xxx/CVE-2024-29892.json +++ b/2024/29xxx/CVE-2024-29892.json 
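Review bot: In the `problemtype` description of CVE-2024-0400 the new side replaces the CWE-94 entry with `"value": "n/a"` and drops `cweId`, so the record no longer carries any machine-readable weakness class. Consumers that filter or route on `cweId` will stop matching this record as code injection. Unless the CNA deliberately withdrew the classification, keep `"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"` together with `"cweId": "CWE-94"`. If the withdrawal was intentional, the commit message should say so.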
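Review bot: The updated entry in `reference_data` for CVE-2024-0400 still points at a `preview?DocumentId=...&Preview=true` endpoint, which looks like a document-preview link rather than a published advisory permalink, and the same string is repeated as `name`. If that endpoint stops resolving or requires a session, the record is left without a usable vendor reference. Since `DocumentId` moves from 8DBD000189 to 8DBD000190 in the same commit that removes the CWE, it is worth confirming that the new document is the advisory for this CVE. Once the vendor publishes a stable link, set `"url": "<PUBLISHED_ADVISORY_URL>"` (placeholder) and give `name` a short human-readable title.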
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zitadel", + "product": { + "product_data": [ + { + "product_name": "zitadel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.42.17" + }, + { + "version_affected": "=", + "version_value": ">= 2.43.0, < 2.43.11" + }, + { + "version_affected": "=", + "version_value": ">= 2.44.0, < 2.44.7" + }, + { + "version_affected": "=", + "version_value": ">= 2.45.0, < 2.45.5" + }, + { + "version_affected": "=", + "version_value": ">= 2.46.0, < 2.46.5" + }, + { + "version_affected": "=", + "version_value": ">= 2.47.0, < 2.47.8" + }, + { + "version_affected": "=", + "version_value": ">= 2.48.0, < 2.48.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.42.17", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.42.17" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.43.11", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.43.11" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.44.7", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.44.7" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.5", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.45.5" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.5", + "refsource": "MISC", + "name": 
"https://github.com/zitadel/zitadel/releases/tag/v2.46.5" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.8", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.47.8" + }, + { + "url": "https://github.com/zitadel/zitadel/releases/tag/v2.48.3", + "refsource": "MISC", + "name": "https://github.com/zitadel/zitadel/releases/tag/v2.48.3" + } + ] + }, + "source": { + "advisory": "GHSA-gp8g-f42f-95q2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29929.json b/2024/29xxx/CVE-2024-29929.json index 511467e5b7c..2f551590e54 100644 --- a/2024/29xxx/CVE-2024-29929.json +++ b/2024/29xxx/CVE-2024-29929.json 
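Review bot: Every entry under `version_data` for zitadel pairs `"version_affected": "="` with a range expression in the value, for example `"version_value": "< 2.42.17"` or `">= 2.43.0, < 2.43.11"`. A consumer that honours the operator compares installed versions against that literal string and matches nothing, so automated matching can miss affected deployments. Carry the bound in the operator instead, e.g. `"version_affected": "<", "version_value": "2.42.17"`, and split the bounded ranges into a lower and an upper bound as far as the schema in use allows. Separately, the description's opening sentence about Go templates rendering the login UI does not relate to the reserved-claims issue that follows and looks carried over from another advisory.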
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM \u2013 Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM \u2013 Frontend Manager for WooCommerce: from n/a through 6.7.8.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WC Lovers", + "product": { + "product_data": [ + { + "product_name": "WCFM \u2013 Frontend Manager for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.7.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.7.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wc-frontend-manager/wordpress-wcfm-plugin-6-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/wc-frontend-manager/wordpress-wcfm-plugin-6-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.7.9 or a higher version." + } + ], + "value": "Update to 6.7.9 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Steven Julian (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29930.json b/2024/29xxx/CVE-2024-29930.json index 69448876d5e..775ada6b704 100644 --- a/2024/29xxx/CVE-2024-29930.json +++ b/2024/29xxx/CVE-2024-29930.json 
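Review bot: The only `version_data` entry for this product is `"version_value": "not down converted"`; the real range (`lessThanOrEqual` 6.7.8, unaffected at 6.7.9) exists only inside the `x_cve_json_5_version_data` extension, with `"version": "n/a"` as its lower bound. Tools that read the 4.0 fields see a placeholder string and cannot decide whether an installed plugin version is affected. Adding a plain entry such as `"version_affected": "<=", "version_value": "6.7.8"` next to the extension would keep legacy consumers working. The `description` value also lacks a space in `Stored XSS.This issue` and ends in a stray `\n\n`. The same pattern appears in the hunks for CVE-2024-29930, CVE-2024-29931, CVE-2024-29932 and CVE-2024-29933.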
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CurrencyRate.today", + "product": { + "product_data": [ + { + "product_name": "Crypto Converter Widget", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.9.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.8.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/crypto-converter-widget/wordpress-crypto-converter-widget-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/crypto-converter-widget/wordpress-crypto-converter-widget-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.9.0 or a higher version." + } + ], + "value": "Update to 1.9.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Yudistira Arya (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29931.json b/2024/29xxx/CVE-2024-29931.json index 76f39e70f62..19b558194c5 100644 --- a/2024/29xxx/CVE-2024-29931.json +++ b/2024/29xxx/CVE-2024-29931.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WP Go Maps (formerly WP Google Maps)", + "product": { + "product_data": [ + { + "product_name": "WP Google Maps", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "9.0.30", + "status": "unaffected" + } + ], + "lessThanOrEqual": "9.0.29", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-google-maps/wordpress-wp-go-maps-plugin-9-0-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/wp-google-maps/wordpress-wp-go-maps-plugin-9-0-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 9.0.30 or a higher version." + } + ], + "value": "Update to 9.0.30 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29932.json b/2024/29xxx/CVE-2024-29932.json index ea729d8234a..c384e7d969c 100644 --- a/2024/29xxx/CVE-2024-29932.json +++ b/2024/29xxx/CVE-2024-29932.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "WordPress Meta Data and Taxonomies Filter (MDTF)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.3.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.3.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-wordpress-meta-data-and-taxonomies-filter-mdtf-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-wordpress-meta-data-and-taxonomies-filter-mdtf-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.3.3 or a higher version." + } + ], + "value": "Update to 1.3.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Yudistira Arya (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29933.json b/2024/29xxx/CVE-2024-29933.json index 7735c901908..d456cce1761 100644 --- a/2024/29xxx/CVE-2024-29933.json +++ b/2024/29xxx/CVE-2024-29933.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GhozyLab, Inc.", + "product": { + "product_data": [ + { + "product_name": "Web Icons", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.0.11", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.0.10", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/icon/wordpress-web-icons-plugin-1-0-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/icon/wordpress-web-icons-plugin-1-0-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": 
"Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.0.11 or a higher version." + } + ], + "value": "Update to 1.0.0.11 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2932.json b/2024/2xxx/CVE-2024-2932.json index fe2370f514e..67f7d84a4df 100644 --- a/2024/2xxx/CVE-2024-2932.json +++ b/2024/2xxx/CVE-2024-2932.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Online Chatting System 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei admin/update_room.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Online Chatting System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258012", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258012" + }, + { + "url": "https://vuldb.com/?ctiid.258012", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258012" + }, + { + "url": "https://vuldb.com/?submit.304257", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304257" + }, + { + "url": "https://github.com/CveSecLook/cve/issues/3", + "refsource": "MISC", + "name": "https://github.com/CveSecLook/cve/issues/3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "WangPeng_CUMT (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2934.json b/2024/2xxx/CVE-2024-2934.json index 9053f7bb623..6fe86169701 100644 --- a/2024/2xxx/CVE-2024-2934.json +++ b/2024/2xxx/CVE-2024-2934.json 
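Review bot: The English `description` for CVE-2024-2932 says the issue is "classified as critical", while the `cvss` array in the same record scores it 6.3 with `"baseSeverity": "MEDIUM"` for 3.1 and 3.0, and 6.5 for 2.0. Anyone triaging from the text, or keyword-matching on "critical", will rank this record differently from anyone reading the vector. Either drop the severity word from the description, e.g. `"A vulnerability has been found in SourceCodester Online Chatting System 1.0."`, or state explicitly that it is the CNA's own rating scale. The same mismatch appears in the hunks for CVE-2024-2934 ("classified as critical") and CVE-2024-2938 ("rated as critical"), both also scored MEDIUM.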
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SourceCodester Todo List in Kanban Board 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /endpoint/delete-todo.php. Durch Manipulieren des Arguments list mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Todo List in Kanban Board", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258013", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258013" + }, + { + "url": "https://vuldb.com/?ctiid.258013", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258013" + }, + { + "url": "https://vuldb.com/?submit.304677", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304677" + }, + { + "url": "https://github.com/BurakSevben/CVEs/blob/main/To%20Do%20List%20App/To%20Do%20List%20App%20-%20SQL%20Injection.md", + "refsource": "MISC", + "name": "https://github.com/BurakSevben/CVEs/blob/main/To%20Do%20List%20App/To%20Do%20List%20App%20-%20SQL%20Injection.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Burak (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2935.json b/2024/2xxx/CVE-2024-2935.json index e62a56374ab..4f71a539bbe 100644 --- a/2024/2xxx/CVE-2024-2935.json +++ b/2024/2xxx/CVE-2024-2935.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258014 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in SourceCodester Todo List in Kanban Board 1.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Add ToDo. Durch das Beeinflussen des Arguments Todo mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Todo List in Kanban Board", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258014", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258014" + }, + { + "url": "https://vuldb.com/?ctiid.258014", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258014" + }, + { + "url": "https://vuldb.com/?submit.304678", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304678" + }, + { + "url": "https://github.com/BurakSevben/CVEs/blob/main/To%20Do%20List%20App/To%20Do%20List%20App%20-%20Cross-Site-Scripting.md", + "refsource": "MISC", + "name": "https://github.com/BurakSevben/CVEs/blob/main/To%20Do%20List%20App/To%20Do%20List%20App%20-%20Cross-Site-Scripting.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Burak (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2938.json b/2024/2xxx/CVE-2024-2938.json index a88ac37bb60..a5f6a7ecc7e 100644 --- a/2024/2xxx/CVE-2024-2938.json +++ b/2024/2xxx/CVE-2024-2938.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2938", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Campcodes Online Examination System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /adminpanel/admin/facebox_modal/updateCourse.php. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258029", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258029" + }, + { + "url": "https://vuldb.com/?ctiid.258029", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258029" + }, + { + "url": "https://vuldb.com/?submit.304746", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304746" + }, + { + "url": "https://github.com/Beatriz-ai-boop/cve/blob/main/report/1.pdf", + "refsource": "MISC", + "name": "https://github.com/Beatriz-ai-boop/cve/blob/main/report/1.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "willchen (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2939.json b/2024/2xxx/CVE-2024-2939.json index a6dd6f5eba5..c600dc4e3b7 100644 --- a/2024/2xxx/CVE-2024-2939.json +++ b/2024/2xxx/CVE-2024-2939.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Campcodes Online Examination System 1.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei /adminpanel/admin/facebox_modal/updateExaminee.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258030", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258030" + }, + { + "url": "https://vuldb.com/?ctiid.258030", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258030" + }, + { + "url": "https://vuldb.com/?submit.304747", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304747" + }, + { + "url": "https://github.com/Beatriz-ai-boop/cve/blob/main/report/2.pdf", + "refsource": "MISC", + "name": "https://github.com/Beatriz-ai-boop/cve/blob/main/report/2.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "willchen (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2940.json b/2024/2xxx/CVE-2024-2940.json index 035f86c66ea..1a05118b280 100644 --- a/2024/2xxx/CVE-2024-2940.json +++ b/2024/2xxx/CVE-2024-2940.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Campcodes Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258031." + }, + { + "lang": "deu", + "value": "In Campcodes Online Examination System 1.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /adminpanel/admin/facebox_modal/updateCourse.php. Durch Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258031", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258031" + }, + { + "url": "https://vuldb.com/?ctiid.258031", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258031" + }, + { + "url": "https://vuldb.com/?submit.304748", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304748" + }, + { + "url": "https://github.com/Beatriz-ai-boop/cve/blob/main/report/3.pdf", + "refsource": "MISC", + "name": "https://github.com/Beatriz-ai-boop/cve/blob/main/report/3.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "willchen (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2941.json b/2024/2xxx/CVE-2024-2941.json index fbb3a9da2a7..4d89569980b 100644 --- a/2024/2xxx/CVE-2024-2941.json +++ b/2024/2xxx/CVE-2024-2941.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Campcodes Online Examination System 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei /adminpanel/admin/query/loginExe.php. Mittels dem Manipulieren des Arguments pass mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258032", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258032" + }, + { + "url": "https://vuldb.com/?ctiid.258032", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258032" + }, + { + "url": "https://vuldb.com/?submit.304757", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304757" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2942.json b/2024/2xxx/CVE-2024-2942.json index 0966e1d229e..efa46eb336c 100644 --- a/2024/2xxx/CVE-2024-2942.json +++ b/2024/2xxx/CVE-2024-2942.json 
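Review bot: The three `cvss` entries for CVE-2024-2941 carry `PR:L` / `Au:S`, yet the description places the SQL injection in the `pass` argument of `/adminpanel/admin/query/loginExe.php`, which by its name looks like the login handler and would be reachable before any session exists. If that reading is right, the privileges metric understates exposure and the 3.1 entry should read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"` with `"baseScore": 7.3` and `"baseSeverity": "HIGH"`, with the 3.0 and 2.0 entries adjusted to match. The same question applies, less clearly, to the `uname` argument of `/admin/adminHome.php` in CVE-2024-2999. Until the CNA confirms, anyone triaging on these records should treat the published score as a lower bound.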
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Campcodes Online Examination System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /adminpanel/admin/query/deleteQuestionExe.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258033", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258033" + }, + { + "url": "https://vuldb.com/?ctiid.258033", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258033" + }, + { + "url": "https://vuldb.com/?submit.304758", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304758" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%202.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%202.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2995.json b/2024/2xxx/CVE-2024-2995.json index 5d9b48667ae..d2dbb39fce4 100644 --- a/2024/2xxx/CVE-2024-2995.json +++ b/2024/2xxx/CVE-2024-2995.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in NUUO Camera bis 20240319 gefunden. Dies betrifft einen unbekannten Teil der Datei /deletefile.php. Mittels dem Manipulieren des Arguments filename mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NUUO", + "product": { + "product_data": [ + { + "product_name": "Camera", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240319" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258197", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258197" + }, + { + "url": "https://vuldb.com/?ctiid.258197", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258197" + }, + { + "url": "https://vuldb.com/?submit.301068", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301068" + }, + { + "url": "https://h0e4a0r1t.github.io/2024/vulns/Arbitrary%20file%20deletion%20vulnerability%20exists%20in%20nuuo%20camera-deletefile.php.pdf", + "refsource": "MISC", + "name": "https://h0e4a0r1t.github.io/2024/vulns/Arbitrary%20file%20deletion%20vulnerability%20exists%20in%20nuuo%20camera-deletefile.php.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "H0e4a0r1t (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.5, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2996.json b/2024/2xxx/CVE-2024-2996.json index 1a88be14c0d..73887eecd46 100644 --- a/2024/2xxx/CVE-2024-2996.json +++ b/2024/2xxx/CVE-2024-2996.json 
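Review bot: The `version_data` entry for CVE-2024-2995 uses `"version_affected": "="` with `"version_value": "20240319"`, while the description says the flaw affects NUUO Camera "up to 20240319", so a scanner matching on the structured field will miss every earlier build. Changing it to `"version_affected": "<="` would make the machine-readable range agree with the prose. The Bdtask records CVE-2024-2996, CVE-2024-2997 and CVE-2024-2998 have the same mismatch with `20240320`. Separately, the problemtype is `CWE-404 Denial of Service`, but the title of the referenced write-up speaks of arbitrary file deletion in `deletefile.php` and the vector includes `I:L`, so the weakness class may deserve a second look by the CNA.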
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258198 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Bdtask Multi-Store Inventory Management System bis 20240320 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente Page Title Handler. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bdtask", + "product": { + "product_data": [ + { + "product_name": "Multi-Store Inventory Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240320" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258198", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258198" + }, + { + "url": "https://vuldb.com/?ctiid.258198", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258198" + }, + { + "url": "https://vuldb.com/?submit.301376", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301376" + }, + { + "url": "https://drive.google.com/file/d/115tr5PJ_RmSlaLR_jLXPyJse6ojSFRxu/view?usp=drivesdk", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/115tr5PJ_RmSlaLR_jLXPyJse6ojSFRxu/view?usp=drivesdk" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "srivishnu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2997.json b/2024/2xxx/CVE-2024-2997.json index dd36ee5f5bf..7498c3dd2c4 100644 --- a/2024/2xxx/CVE-2024-2997.json +++ b/2024/2xxx/CVE-2024-2997.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Bdtask Multi-Store Inventory Management System bis 20240320 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode. Durch das Manipulieren des Arguments Category Name/Model Name/Brand Name/Unit Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bdtask", + "product": { + "product_data": [ + { + "product_name": "Multi-Store Inventory Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240320" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258199", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258199" + }, + { + "url": "https://vuldb.com/?ctiid.258199", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258199" + }, + { + "url": "https://vuldb.com/?submit.301380", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301380" + }, + { + "url": "https://drive.google.com/file/d/1Zx_JnAf6QArTtfoSuzESkBasZSrNzmFF/view?usp=drivesdk", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1Zx_JnAf6QArTtfoSuzESkBasZSrNzmFF/view?usp=drivesdk" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "srivishnu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2998.json b/2024/2xxx/CVE-2024-2998.json index 66edf388507..0317b507d08 100644 --- a/2024/2xxx/CVE-2024-2998.json +++ b/2024/2xxx/CVE-2024-2998.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258200. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Bdtask Multi-Store Inventory Management System bis 20240320 ausgemacht. Davon betroffen ist unbekannter Code der Komponente Store Update Page. Durch Manipulieren des Arguments Store Name/Store Address mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bdtask", + "product": { + "product_data": [ + { + "product_name": "Multi-Store Inventory Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240320" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258200", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258200" + }, + { + "url": "https://vuldb.com/?ctiid.258200", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258200" + }, + { + "url": "https://vuldb.com/?submit.301381", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301381" + }, + { + "url": "https://drive.google.com/file/d/1cE1gmFmPCjomWmHbBEvWCYg0dPEWkFoR/view?usp=drivesdk", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1cE1gmFmPCjomWmHbBEvWCYg0dPEWkFoR/view?usp=drivesdk" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "srivishnu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2999.json b/2024/2xxx/CVE-2024-2999.json index 5a131bd6540..15e75ad821a 100644 --- a/2024/2xxx/CVE-2024-2999.json +++ b/2024/2xxx/CVE-2024-2999.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Online Art Gallery Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/adminHome.php. Durch das Beeinflussen des Arguments uname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Art Gallery Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258201", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258201" + }, + { + "url": "https://vuldb.com/?ctiid.258201", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258201" + }, + { + "url": "https://vuldb.com/?submit.304765", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.304765" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Art%20Gallery%20Management%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Online%20Art%20Gallery%20Management%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/30xxx/CVE-2024-30477.json b/2024/30xxx/CVE-2024-30477.json index 72386e90d6d..3fa6ef392c8 100644 --- a/2024/30xxx/CVE-2024-30477.json +++ b/2024/30xxx/CVE-2024-30477.json 
@@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30477", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862 Missing Authorization", - "cweId": "CWE-862" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "klarna", - "product": { - "product_data": [ - { - "product_name": "Klarna Payments for WooCommerce", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "3.3.0", - "status": "unaffected" - } - ], - "lessThanOrEqual": "3.2.4", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/klarna-payments-for-woocommerce/wordpress-klarna-payments-for-woocommerce-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/klarna-payments-for-woocommerce/wordpress-klarna-payments-for-woocommerce-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 3.3.0 or a higher version." 
- } - ], - "value": "Update to 3.3.0 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Mika (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30478.json b/2024/30xxx/CVE-2024-30478.json index 9fa524c69ed..5176262aa75 100644 --- a/2024/30xxx/CVE-2024-30478.json +++ b/2024/30xxx/CVE-2024-30478.json 
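Review bot: This hunk moves CVE-2024-30477 from `"STATE": "PUBLIC"` back to `"STATE": "RESERVED"` and replaces `"ASSIGNER": "audit@patchstack.com"` with `"ASSIGNER": "cve@mitre.org"`, dropping the published description, the affected range (`"lessThanOrEqual": "3.2.4"`), the fix guidance ("Update to 3.3.0 or a higher version.") and the CVSS vector. The same PUBLIC-to-RESERVED rollback is repeated in the hunks for CVE-2024-30478, -30482, -30483, -30486, -30600 to -30604, -30606, -30607, -30612, -30613 and -30858 to -30861. The diff does not show whether this is intentional; it reads like a sync overwriting newer records with stale placeholders. Any scanner or advisory feed built from this tree would lose its match data and remediation versions for these IDs. If the records were meant to be withdrawn, a `"STATE": "REJECT"` entry with a stated reason would say so explicitly; otherwise the published fields should be kept.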
@@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30478", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin \u2013 Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin \u2013 Bulletin: from n/a through 3.8.5.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Bulletin", - "product": { - "product_data": [ - { - "product_name": "WordPress Announcement & Notification Banner Plugin \u2013 Bulletin", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "3.9.0", - "status": "unaffected" - } - ], - "lessThanOrEqual": "3.8.5", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/bulletin-announcements/wordpress-announcement-notification-banner-bulletin-plugin-3-8-5-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/bulletin-announcements/wordpress-announcement-notification-banner-bulletin-plugin-3-8-5-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { 
- "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 3.9.0 or a higher version." - } - ], - "value": "Update to 3.9.0 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Muhammad Daffa (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30482.json b/2024/30xxx/CVE-2024-30482.json index 9872896ed14..834ef032061 100644 --- a/2024/30xxx/CVE-2024-30482.json +++ b/2024/30xxx/CVE-2024-30482.json 
@@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30482", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Brice CAPOBIANCO", - "product": { - "product_data": [ - { - "product_name": "Simple Revisions Delete", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "1.5.4", - "status": "unaffected" - } - ], - "lessThanOrEqual": "1.5.3", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/simple-revisions-delete/wordpress-simple-revisions-delete-plugin-1-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/simple-revisions-delete/wordpress-simple-revisions-delete-plugin-1-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 1.5.4 or a higher version." 
- } - ], - "value": "Update to 1.5.4 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Brandon Roldan (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30483.json b/2024/30xxx/CVE-2024-30483.json index 8256f50baac..6b31253b56f 100644 --- a/2024/30xxx/CVE-2024-30483.json +++ b/2024/30xxx/CVE-2024-30483.json 
@@ -1,94 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30483", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Sponsorships Sponsors allows Stored XSS.This issue affects Sponsors: from n/a through 3.5.1.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Simple Sponsorships", - "product": { - "product_data": [ - { - "product_name": "Sponsors", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "3.5.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/wp-sponsors/wordpress-sponsors-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/wp-sponsors/wordpress-sponsors-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Ray Wilson (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": 
"REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30486.json b/2024/30xxx/CVE-2024-30486.json index e7b9c496963..412b0c2d3e0 100644 --- a/2024/30xxx/CVE-2024-30486.json +++ b/2024/30xxx/CVE-2024-30486.json 
@@ -1,122 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30486", - "ASSIGNER": "audit@patchstack.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Max Foundry", - "product": { - "product_data": [ - { - "product_name": "Media Library Folders", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "8.1.8", - "status": "unaffected" - } - ], - "lessThanOrEqual": "8.1.7", - "status": "affected", - "version": "n/a", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://patchstack.com/database/vulnerability/media-library-plus/wordpress-media-library-folders-plugin-8-1-7-author-sql-injection-vulnerability?_s_id=cve", - "refsource": "MISC", - "name": "https://patchstack.com/database/vulnerability/media-library-plus/wordpress-media-library-folders-plugin-8-1-7-author-sql-injection-vulnerability?_s_id=cve" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update to 8.1.8 or 
a higher version." - } - ], - "value": "Update to 8.1.8 or a higher version." - } - ], - "credits": [ - { - "lang": "en", - "value": "Le Ngoc Anh (Patchstack Alliance)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30600.json b/2024/30xxx/CVE-2024-30600.json index 2712e1b17d7..4a552640b0a 100644 --- a/2024/30xxx/CVE-2024-30600.json +++ b/2024/30xxx/CVE-2024-30600.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30600", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30601.json b/2024/30xxx/CVE-2024-30601.json index ae533bc0207..14ac69d6711 100644 --- a/2024/30xxx/CVE-2024-30601.json +++ b/2024/30xxx/CVE-2024-30601.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30601", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30602.json b/2024/30xxx/CVE-2024-30602.json index 885f8e2c50d..29f379df32c 100644 --- a/2024/30xxx/CVE-2024-30602.json +++ b/2024/30xxx/CVE-2024-30602.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30602", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30603.json b/2024/30xxx/CVE-2024-30603.json index 7cb68dba26c..5965e4d9db6 100644 --- a/2024/30xxx/CVE-2024-30603.json +++ b/2024/30xxx/CVE-2024-30603.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30603", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30604.json b/2024/30xxx/CVE-2024-30604.json index 358eb2029c5..c3e5249124d 100644 --- a/2024/30xxx/CVE-2024-30604.json +++ b/2024/30xxx/CVE-2024-30604.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30604", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30606.json b/2024/30xxx/CVE-2024-30606.json index bef4e2adb3c..d1829de17e8 100644 --- a/2024/30xxx/CVE-2024-30606.json +++ b/2024/30xxx/CVE-2024-30606.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30606", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30607.json b/2024/30xxx/CVE-2024-30607.json index 0b80ad3b8d9..25c16942276 100644 --- a/2024/30xxx/CVE-2024-30607.json +++ b/2024/30xxx/CVE-2024-30607.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30607", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30607", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_deviceId.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_deviceId.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30612.json b/2024/30xxx/CVE-2024-30612.json index c828cb9f281..85d3f649dab 100644 --- a/2024/30xxx/CVE-2024-30612.json +++ b/2024/30xxx/CVE-2024-30612.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30612", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30613.json b/2024/30xxx/CVE-2024-30613.json index 267002ee919..54f4849b084 100644 --- a/2024/30xxx/CVE-2024-30613.json +++ b/2024/30xxx/CVE-2024-30613.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30613", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30858.json b/2024/30xxx/CVE-2024-30858.json index ddce404b333..8510d293fbf 100644 --- a/2024/30xxx/CVE-2024-30858.json +++ b/2024/30xxx/CVE-2024-30858.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30858", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_fire_wall.md", - "refsource": "MISC", - "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_fire_wall.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30859.json b/2024/30xxx/CVE-2024-30859.json index 7dd106cd5b6..16409b021b6 100644 --- a/2024/30xxx/CVE-2024-30859.json +++ b/2024/30xxx/CVE-2024-30859.json 
@@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30859", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupSSLCert.md", - "refsource": "MISC", - "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupSSLCert.md" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30860.json b/2024/30xxx/CVE-2024-30860.json index c42e5fc8eef..085cae132d1 100644 --- a/2024/30xxx/CVE-2024-30860.json +++ b/2024/30xxx/CVE-2024-30860.json 
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30860",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30860",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-export_excel_user.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-export_excel_user.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30861.json b/2024/30xxx/CVE-2024-30861.json
index d996822d8ed..7614fd7e741 100644
--- a/2024/30xxx/CVE-2024-30861.json
+++ b/2024/30xxx/CVE-2024-30861.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30861",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30861",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-ipsec_guide_1.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-ipsec_guide_1.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30862.json b/2024/30xxx/CVE-2024-30862.json
index e7988ce1186..d9930a11c75 100644
--- a/2024/30xxx/CVE-2024-30862.json
+++ b/2024/30xxx/CVE-2024-30862.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30862",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30862",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30863.json b/2024/30xxx/CVE-2024-30863.json
index 28a6158de35..e6c13f103fc 100644
--- a/2024/30xxx/CVE-2024-30863.json
+++ b/2024/30xxx/CVE-2024-30863.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30863",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30863",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-history.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-history.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30864.json b/2024/30xxx/CVE-2024-30864.json
index 2c264a5679c..630ad93f22d 100644
--- a/2024/30xxx/CVE-2024-30864.json
+++ b/2024/30xxx/CVE-2024-30864.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30864",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30864",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupTimePolicy.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupTimePolicy.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30865.json b/2024/30xxx/CVE-2024-30865.json
index 4fb34d453cf..dc0b14b9774 100644
--- a/2024/30xxx/CVE-2024-30865.json
+++ b/2024/30xxx/CVE-2024-30865.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30865",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30865",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_user_login.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_user_login.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30866.json b/2024/30xxx/CVE-2024-30866.json
index f4c0985c24f..76e7b09aef2 100644
--- a/2024/30xxx/CVE-2024-30866.json
+++ b/2024/30xxx/CVE-2024-30866.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30866",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30866",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-menu.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-menu.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30867.json b/2024/30xxx/CVE-2024-30867.json
index 3060d73f924..6cec6bb97d5 100644
--- a/2024/30xxx/CVE-2024-30867.json
+++ b/2024/30xxx/CVE-2024-30867.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30867",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30867",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30868.json b/2024/30xxx/CVE-2024-30868.json
index 9ba279da4e6..1d51f06eff3 100644
--- a/2024/30xxx/CVE-2024-30868.json
+++ b/2024/30xxx/CVE-2024-30868.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30868",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30868",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-add_getlogin.md",
- "refsource": "MISC",
- "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-add_getlogin.md"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3000.json b/2024/3xxx/CVE-2024-3000.json
index ed9eabd0eff..c29c9d14dcb 100644
--- a/2024/3xxx/CVE-2024-3000.json
+++ b/2024/3xxx/CVE-2024-3000.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3000",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In code-projects Online Book System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /index.php. Durch Beeinflussen des Arguments username/password/login_username/login_password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Book System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.258202",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.258202"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.258202",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.258202"
+ },
+ {
+ "url": "https://vuldb.com/?submit.305052",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.305052"
+ },
+ {
+ "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md",
+ "refsource": "MISC",
+ "name": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Burak (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3001.json b/2024/3xxx/CVE-2024-3001.json
index 762c95835ac..9bf9774b6ee 100644
--- a/2024/3xxx/CVE-2024-3001.json
+++ b/2024/3xxx/CVE-2024-3001.json
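Review bot: The English description says the issue is "classified as critical", while the `impact.cvss` entries added in the same hunk rate it 7.3 with `"baseSeverity": "HIGH"`, so the prose and the structured score disagree. The CVE-2024-3001 hunk that follows has the same mismatch (6.3, `MEDIUM`). Either drop the phrase from the description or align it with the score; anyone triaging from this record should key on `vectorString` rather than on the wording.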
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3001",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in code-projects Online Book System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /Product.php. Dank der Manipulation des Arguments value mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Book System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.258203",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.258203"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.258203",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.258203"
+ },
+ {
+ "url": "https://vuldb.com/?submit.305055",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.305055"
+ },
+ {
+ "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%203.md",
+ "refsource": "MISC",
+ "name": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%203.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Burak (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
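Review bot: Both v3 vectors carry `PR:L` and the v2 vector `Au:S`, which means an authenticated attacker, but the description never says that an account is needed to reach /Product.php. If a login is required, the description should say so, e.g. `The attack may be initiated remotely by an authenticated user.`; if it is not, the vectors should read `PR:N` and `Au:N` as they do in the CVE-2024-3000 hunk. The difference decides whether defenders prioritise this as pre-authentication SQL injection on an exposed application.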