"-Synchronized-Data."

CVE Team 2024-06-17 22:00:34 +00:00
parent 81c70f29c6
commit 8a642d6f7e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 367 additions and 76 deletions


@ -1,24 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-10136",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2020-06-01T00:00:00.000Z",
"TITLE": "Decapsulation and routing of unidentified IP-in-IP traffic allows a remote, unauthenticated attacker to route arbitrary network traffic",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"VU#636397"
],
"advisory": "VU#636397",
"discovery": "EXTERNAL"
"description": {
"description_data": [
{
"lang": "eng",
"value": "IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
@ -32,10 +40,8 @@
"version": {
"version_data": [
{
"version_name": "STD 1",
"version_affected": "=",
"version_value": "STD 1",
"platform": ""
"version_value": "STD 1"
}
]
}
@ -46,83 +52,56 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-19 Data Processing Errors"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/636397/",
"name": "VU#636397"
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/636397/"
},
{
"refsource": "MISC",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
},
{
"refsource": "MISC",
"url": "https://www.digi.com/resources/security",
"refsource": "MISC",
"name": "https://www.digi.com/resources/security"
},
{
"refsource": "CERT-VN",
"name": "VU#636397",
"url": "https://www.kb.cert.org/vuls/id/636397"
"url": "https://www.kb.cert.org/vuls/id/636397",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/636397"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc6169",
"refsource": "MISC",
"name": "https://datatracker.ietf.org/doc/html/rfc6169"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
"generator": {
"engine": "cveClient/1.0.15"
},
"source": {
"discovery": "EXTERNAL"
},
"exploit": [],
"work_around": [
{
"lang": "eng",
"lang": "en",
"value": "Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4)."
}
],
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Customers should apply the latest patch provided by the affected vendor that addresses this issue and prevents unspecified IP-in-IP packets from being processed. Devices manufacturers are urged to disable IP-in-IP in their default configuration and require their customers to explicitly configure IP-in-IP as and when needed."
}
],
"credit": [
"credits": [
{
"lang": "eng",
"lang": "en",
"value": "Thanks to Yannay Livneh for reporting this issue."
}
]
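Review bot: The replacement description in the first hunk (`"value": "IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to ..."`) does not parse as a sentence and makes the protocol, rather than the products that implement it, the vulnerable subject. The wording it replaces in the third hunk, "Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation ...", states the affected scope plainly and would be better kept. The record also appears to end up with `"lang": "eng"` in `description` and `problemtype` but `"lang": "en"` in `work_around`, `solution` and `credits`; using `"lang": "eng"` throughout would keep consumers that filter on one language tag from skipping the mitigation text. The third hunk looks as if it also drops the `impact.cvss` block (5.3 MEDIUM), but the page has lost its +/- markers, so that is inferred from the hunk line counts and should be confirmed against the raw diff.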


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268793 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in itsourcecode Bakery Online Ordering System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei index.php. Durch Manipulieren des Arguments user_email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Bakery Online Ordering System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268793",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268793"
},
{
"url": "https://vuldb.com/?ctiid.268793",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268793"
},
{
"url": "https://vuldb.com/?submit.358386",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.358386"
},
{
"url": "https://github.com/ppp-src/CVE/issues/4",
"refsource": "MISC",
"name": "https://github.com/ppp-src/CVE/issues/4"
}
]
},
"credits": [
{
"lang": "en",
"value": "polaris0x1 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
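Review bot: The description says the issue "has been rated as critical" while the `impact.cvss` array in the same record scores it `"baseSeverity": "HIGH"` (7.3, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L`), so a consumer that triages on the prose and one that triages on the score will rank it differently. The same mismatch is in the CVE-2024-6066 and CVE-2024-6067 sections, whose descriptions say "classified as critical" while the score is 6.3 `"MEDIUM"` with `PR:L`. The description would be better without the rating sentence, leaving severity to the `cvss` entries. The `"version": "2.0"` entry carries no `baseSeverity` key, unlike the 3.x entries, so readers of that array have to tolerate its absence. All three records also mix `"lang": "eng"`/`"deu"` in `description` with `"lang": "en"` in `credits`.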


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Best House Rental Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei payment_report.php. Durch das Beeinflussen des Arguments month_of mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Best House Rental Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268794",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268794"
},
{
"url": "https://vuldb.com/?ctiid.268794",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268794"
},
{
"url": "https://vuldb.com/?submit.358439",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.358439"
},
{
"url": "https://github.com/jadu101/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sqli.md",
"refsource": "MISC",
"name": "https://github.com/jadu101/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sqli.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "jadu101 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /mces/?p=class/view_class. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268795."
},
{
"lang": "deu",
"value": "In SourceCodester Music Class Enrollment System 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /mces/?p=class/view_class. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Music Class Enrollment System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268795",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268795"
},
{
"url": "https://vuldb.com/?ctiid.268795",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268795"
},
{
"url": "https://vuldb.com/?submit.358566",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.358566"
},
{
"url": "https://github.com/jadu101/CVE/blob/main/SourceCodester-Musical-Class-Enrollment-System-SQLi.md",
"refsource": "MISC",
"name": "https://github.com/jadu101/CVE/blob/main/SourceCodester-Musical-Class-Enrollment-System-SQLi.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "jadu101 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}