From 68eec73e6d4ccf37f6b528a8d3a07feaaf70bc3a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Feb 2025 20:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/46xxx/CVE-2022-46283.json | 2 +- 2023/51xxx/CVE-2023-51297.json | 61 ++++++++++++++++++++++++++++++---- 2023/51xxx/CVE-2023-51298.json | 61 ++++++++++++++++++++++++++++++---- 2023/51xxx/CVE-2023-51299.json | 61 ++++++++++++++++++++++++++++++---- 2024/11xxx/CVE-2024-11146.json | 26 +++++++++++---- 2024/13xxx/CVE-2024-13890.json | 18 ++++++++++ 2025/1xxx/CVE-2025-1477.json | 18 ++++++++++ 2025/1xxx/CVE-2025-1478.json | 18 ++++++++++ 2025/1xxx/CVE-2025-1479.json | 18 ++++++++++ 9 files changed, 258 insertions(+), 25 deletions(-) create mode 100644 2024/13xxx/CVE-2024-13890.json create mode 100644 2025/1xxx/CVE-2025-1477.json create mode 100644 2025/1xxx/CVE-2025-1478.json create mode 100644 2025/1xxx/CVE-2025-1479.json diff --git a/2022/46xxx/CVE-2022-46283.json b/2022/46xxx/CVE-2022-46283.json index bd731935c01..7fcb9de04bf 100644 --- a/2022/46xxx/CVE-2022-46283.json +++ b/2022/46xxx/CVE-2022-46283.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "** REJECT ** This is Unused" + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused" } ] } diff --git a/2023/51xxx/CVE-2023-51297.json b/2023/51xxx/CVE-2023-51297.json index 9a24e2685ef..d5f924fe0e2 100644 --- a/2023/51xxx/CVE-2023-51297.json +++ b/2023/51xxx/CVE-2023-51297.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51297", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51297", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo", + "refsource": "MISC", + "name": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/176486/PHPJabbers-Hotel-Booking-System-4.0-Missing-Rate-Limiting.html", + "url": "http://packetstormsecurity.com/files/176486/PHPJabbers-Hotel-Booking-System-4.0-Missing-Rate-Limiting.html" } ] } diff --git a/2023/51xxx/CVE-2023-51298.json b/2023/51xxx/CVE-2023-51298.json index 86566987a97..026aba90933 100644 --- a/2023/51xxx/CVE-2023-51298.json +++ b/2023/51xxx/CVE-2023-51298.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51298", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51298", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpjabbers.com/event-booking-calendar/#sectionDemo", + "refsource": "MISC", + "name": "https://www.phpjabbers.com/event-booking-calendar/#sectionDemo" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/176487/PHPJabbers-Event-Booking-Calendar-4.0-CSV-Injection.html", + "url": "http://packetstormsecurity.com/files/176487/PHPJabbers-Event-Booking-Calendar-4.0-CSV-Injection.html" } ] } diff --git a/2023/51xxx/CVE-2023-51299.json b/2023/51xxx/CVE-2023-51299.json index 5504528ac9b..ac63de4e98f 100644 --- a/2023/51xxx/CVE-2023-51299.json +++ b/2023/51xxx/CVE-2023-51299.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51299", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51299", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\" parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo", + "refsource": "MISC", + "name": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/176488", + "url": "https://packetstorm.news/files/id/176488" } ] } diff --git a/2024/11xxx/CVE-2024-11146.json b/2024/11xxx/CVE-2024-11146.json index c95e7927145..8b9d56c0f23 100644 --- a/2024/11xxx/CVE-2024-11146.json +++ b/2024/11xxx/CVE-2024-11146.json @@ -63,7 +63,7 @@ "status": "unaffected" } ], - "defaultStatus": "affected" + "defaultStatus": "unknown" } } ] @@ -78,19 +78,33 @@ "references": { "reference_data": [ { - "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-017-01.json", + "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-016-01.json", "refsource": "MISC", - "name": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-017-01.json" + "name": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-016-01.json" } ] }, + "credits": [ + { + "lang": "en", + "value": "[Alison Breacher](https://infosec.exchange/@abreacher)" + } + ], "impact": { "cvss": [ { - "baseScore": 7.3, - "baseSeverity": "HIGH", + "scope": "UNCHANGED", "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + "baseScore": 6.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" } ] } diff --git a/2024/13xxx/CVE-2024-13890.json b/2024/13xxx/CVE-2024-13890.json new file mode 100644 index 00000000000..e9dd9996308 --- /dev/null +++ b/2024/13xxx/CVE-2024-13890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1477.json b/2025/1xxx/CVE-2025-1477.json new file mode 100644 index 00000000000..6837986528f --- /dev/null +++ b/2025/1xxx/CVE-2025-1477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1478.json b/2025/1xxx/CVE-2025-1478.json new file mode 100644 index 00000000000..c23aed5e7c8 --- /dev/null +++ b/2025/1xxx/CVE-2025-1478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1479.json b/2025/1xxx/CVE-2025-1479.json new file mode 100644 index 00000000000..e2bd7960fad --- /dev/null +++ b/2025/1xxx/CVE-2025-1479.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file