From 67be312d2455d1064d76bd6ec095f8b14386fb7e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 5 Dec 2024 15:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11941.json | 98 ++++++++++++++++++++++++++-- 2024/11xxx/CVE-2024-11942.json | 101 +++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12229.json | 114 +++++++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12230.json | 114 +++++++++++++++++++++++++++++++-- 2024/12xxx/CVE-2024-12242.json | 18 ++++++ 2024/12xxx/CVE-2024-12243.json | 18 ++++++ 2024/12xxx/CVE-2024-12244.json | 18 ++++++ 2024/12xxx/CVE-2024-12245.json | 18 ++++++ 2024/54xxx/CVE-2024-54679.json | 81 +++++++++++++++++++++++ 9 files changed, 562 insertions(+), 18 deletions(-) create mode 100644 2024/12xxx/CVE-2024-12242.json create mode 100644 2024/12xxx/CVE-2024-12243.json create mode 100644 2024/12xxx/CVE-2024-12244.json create mode 100644 2024/12xxx/CVE-2024-12245.json create mode 100644 2024/54xxx/CVE-2024-54679.json diff --git a/2024/11xxx/CVE-2024-11941.json b/2024/11xxx/CVE-2024-11941.json index bf1ee25a894..d303bb14d91 100644 --- a/2024/11xxx/CVE-2024-11941.json +++ b/2024/11xxx/CVE-2024-11941.json @@ -1,18 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@drupal.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", + "cweId": "CWE-835" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.2.0", + "version_value": "10.2.2" + }, + { + "version_affected": "<", + "version_name": "10.1.0", + "version_value": "10.1.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.drupal.org/sa-core-2024-001", + "refsource": "MISC", + "name": "https://www.drupal.org/sa-core-2024-001" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Alexander Antonenko" + }, + { + "lang": "en", + "value": "Doug Green" + }, + { + "lang": "en", + "value": "Lee Rowlands" + }, + { + "lang": "en", + "value": "Benji Fisher" + }, + { + "lang": "en", + "value": "Juraj Nemec" + }, + { + "lang": "en", + "value": "xjm" + }, + { + "lang": "en", + "value": "Lauri Eskola" + } + ] } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11942.json b/2024/11xxx/CVE-2024-11942.json index fad7b983a3f..55af2881551 100644 --- a/2024/11xxx/CVE-2024-11942.json +++ b/2024/11xxx/CVE-2024-11942.json @@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@drupal.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-390 Detection of Error Condition Without Action", + "cweId": "CWE-390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.2.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.drupal.org/sa-core-2024-002", + "refsource": "MISC", + "name": "https://www.drupal.org/sa-core-2024-002" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Pierre Rudloff" + }, + { + "lang": "en", + "value": "catch" + }, + { + "lang": "en", + "value": "Lee Rowlands" + }, + { + "lang": "en", + "value": "Benji Fisher" + }, + { + "lang": "en", + "value": "Kim Pepper" + }, + { + "lang": "en", + "value": "Wim Leers" + }, + { + "lang": "en", + "value": "xjm" + }, + { + "lang": "en", + "value": "Dave Long" + }, + { + "lang": "en", + "value": "Juraj Nemec" + } + ] } \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12229.json b/2024/12xxx/CVE-2024-12229.json index 4b725152625..5af44e0679a 100644 --- a/2024/12xxx/CVE-2024-12229.json +++ b/2024/12xxx/CVE-2024-12229.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12229", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In PHPGurukul Complaint Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/complaint-search.php. Durch das Manipulieren des Arguments search mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Complaint Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.286975", + "refsource": "MISC", + "name": "https://vuldb.com/?id.286975" + }, + { + "url": "https://vuldb.com/?ctiid.286975", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.286975" + }, + { + "url": "https://vuldb.com/?submit.455065", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.455065" + }, + { + "url": "https://github.com/qiyes233/CVE/issues/1", + "refsource": "MISC", + "name": "https://github.com/qiyes233/CVE/issues/1" + }, + { + "url": "https://phpgurukul.com/", + "refsource": "MISC", + "name": "https://phpgurukul.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qiye (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/12xxx/CVE-2024-12230.json b/2024/12xxx/CVE-2024-12230.json index c396e8bc7a8..6b7f07d06ff 100644 --- a/2024/12xxx/CVE-2024-12230.json +++ b/2024/12xxx/CVE-2024-12230.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in PHPGurukul Complaint Management System 1.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/subcategory.php. Durch Manipulieren des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Complaint Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.286976", + "refsource": "MISC", + "name": "https://vuldb.com/?id.286976" + }, + { + "url": "https://vuldb.com/?ctiid.286976", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.286976" + }, + { + "url": "https://vuldb.com/?submit.456517", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.456517" + }, + { + "url": "https://github.com/wqywfvc/CVE/issues/2", + "refsource": "MISC", + "name": "https://github.com/wqywfvc/CVE/issues/2" + }, + { + "url": "https://phpgurukul.com/", + "refsource": "MISC", + "name": "https://phpgurukul.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0x0A1lha (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/12xxx/CVE-2024-12242.json b/2024/12xxx/CVE-2024-12242.json new file mode 100644 index 00000000000..160a75058b3 --- /dev/null +++ b/2024/12xxx/CVE-2024-12242.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12243.json b/2024/12xxx/CVE-2024-12243.json new file mode 100644 index 00000000000..492b0edbd4d --- /dev/null +++ b/2024/12xxx/CVE-2024-12243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12244.json b/2024/12xxx/CVE-2024-12244.json new file mode 100644 index 00000000000..5cab8eda61a --- /dev/null +++ b/2024/12xxx/CVE-2024-12244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12245.json b/2024/12xxx/CVE-2024-12245.json new file mode 100644 index 00000000000..bc351683cab --- /dev/null +++ b/2024/12xxx/CVE-2024-12245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/54xxx/CVE-2024-54679.json b/2024/54xxx/CVE-2024-54679.json new file mode 100644 index 00000000000..0f896f21e97 --- /dev/null +++ b/2024/54xxx/CVE-2024-54679.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-54679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cyberpanel.net/", + "refsource": "MISC", + "name": "https://cyberpanel.net/" + }, + { + "url": "https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc", + "refsource": "MISC", + "name": "https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file