diff --git a/2021/4xxx/CVE-2021-4442.json b/2021/4xxx/CVE-2021-4442.json new file mode 100644 index 00000000000..5070b248bc2 --- /dev/null +++ b/2021/4xxx/CVE-2021-4442.json @@ -0,0 +1,135 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4442", + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity tests to TCP_QUEUE_SEQ\n\nQingyu Li reported a syzkaller bug where the repro\nchanges RCV SEQ _after_ restoring data in the receive queue.\n\nmprotect(0x4aa000, 12288, PROT_READ) = 0\nmmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000\nmmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000\nmmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000\nsocket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3\nsetsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0\nconnect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, \"::1\", &sin6_addr), sin6_scope_id=0}, 28) = 0\nsetsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [1], 4) = 0\nsendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=\"0x0000000000000003\\0\\0\", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20\nsetsockopt(3, SOL_TCP, TCP_REPAIR, [0], 4) = 0\nsetsockopt(3, SOL_TCP, TCP_QUEUE_SEQ, [128], 4) = 0\nrecvfrom(3, NULL, 20, 0, NULL, NULL) = -1 ECONNRESET (Connection reset by peer)\n\nsyslog shows:\n[ 111.205099] TCP recvmsg seq # bug 2: copied 80, seq 0, rcvnxt 80, fl 0\n[ 111.207894] WARNING: CPU: 1 PID: 356 at net/ipv4/tcp.c:2343 tcp_recvmsg_locked+0x90e/0x29a0\n\nThis should not be allowed. TCP_QUEUE_SEQ should only be used\nwhen queues are empty.\n\nThis patch fixes this case, and the tx path as well." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "ee9952831cfd", + "version_value": "319f460237fc" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.181", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.106", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.24", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.11.7", + "lessThanOrEqual": "5.11.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/319f460237fc2965a80aa9a055044e1da7b3692a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/319f460237fc2965a80aa9a055044e1da7b3692a" + }, + { + "url": "https://git.kernel.org/stable/c/3bf899438c123c444f6b644a57784dfbb6b15ad6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3bf899438c123c444f6b644a57784dfbb6b15ad6" + }, + { + "url": "https://git.kernel.org/stable/c/046f3c1c2ff450fb7ae53650e9a95e0074a61f3e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/046f3c1c2ff450fb7ae53650e9a95e0074a61f3e" + }, + { + "url": "https://git.kernel.org/stable/c/3b72d5a703842f582502d97906f17d6ee122dac2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3b72d5a703842f582502d97906f17d6ee122dac2" + }, + { + "url": "https://git.kernel.org/stable/c/8811f4a9836e31c14ecdf79d9f3cb7c5d463265d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8811f4a9836e31c14ecdf79d9f3cb7c5d463265d" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29723.json b/2024/29xxx/CVE-2024-29723.json index 5242e6ca722..f294eae2ff4 100644 --- a/2024/29xxx/CVE-2024-29723.json +++ b/2024/29xxx/CVE-2024-29723.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29724.json b/2024/29xxx/CVE-2024-29724.json index b8f18ac5644..4eb68ba496f 100644 --- a/2024/29xxx/CVE-2024-29724.json +++ b/2024/29xxx/CVE-2024-29724.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29725.json b/2024/29xxx/CVE-2024-29725.json index 07a95317aea..5632e886a73 100644 --- a/2024/29xxx/CVE-2024-29725.json +++ b/2024/29xxx/CVE-2024-29725.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29726.json b/2024/29xxx/CVE-2024-29726.json index 42d360e6ec7..6183ece17ea 100644 --- a/2024/29xxx/CVE-2024-29726.json +++ b/2024/29xxx/CVE-2024-29726.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29727.json b/2024/29xxx/CVE-2024-29727.json index 032a81ca207..ca5b69b7133 100644 --- a/2024/29xxx/CVE-2024-29727.json +++ b/2024/29xxx/CVE-2024-29727.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29728.json b/2024/29xxx/CVE-2024-29728.json index 4a773ec4d16..0f65fcdf53a 100644 --- a/2024/29xxx/CVE-2024-29728.json +++ b/2024/29xxx/CVE-2024-29728.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29729.json b/2024/29xxx/CVE-2024-29729.json index 06b5d5cc8f0..20320de80cd 100644 --- a/2024/29xxx/CVE-2024-29729.json +++ b/2024/29xxx/CVE-2024-29729.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29730.json b/2024/29xxx/CVE-2024-29730.json index ef68cb94c2d..6c0d5d19043 100644 --- a/2024/29xxx/CVE-2024-29730.json +++ b/2024/29xxx/CVE-2024-29730.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:\u00a0 https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29731.json b/2024/29xxx/CVE-2024-29731.json index e43d9ac741f..748e866750b 100644 --- a/2024/29xxx/CVE-2024-29731.json +++ b/2024/29xxx/CVE-2024-29731.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query:\u00a0 https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SportsNET", + "product": { + "product_data": [ + { + "product_name": "SportsNET", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No solution reported at this time." + } + ], + "value": "No solution reported at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-sportsnet" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43986.json b/2024/43xxx/CVE-2024-43986.json index 226810311cd..c00a73c4ae6 100644 --- a/2024/43xxx/CVE-2024-43986.json +++ b/2024/43xxx/CVE-2024-43986.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MagePeople Team", + "product": { + "product_data": [ + { + "product_name": "Taxi Booking Manager for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ecab-taxi-booking-manager/wordpress-e-cab-taxi-booking-manager-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ecab-taxi-booking-manager/wordpress-e-cab-taxi-booking-manager-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.0 or a higher version." + } + ], + "value": "Update to 1.1.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Sharanabasappa (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8306.json b/2024/8xxx/CVE-2024-8306.json new file mode 100644 index 00000000000..589093d8793 --- /dev/null +++ b/2024/8xxx/CVE-2024-8306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file