diff --git a/2023/26xxx/CVE-2023-26770.json b/2023/26xxx/CVE-2023-26770.json
index 9b081ad6c62..3486530e7ed 100644
--- a/2023/26xxx/CVE-2023-26770.json
+++ b/2023/26xxx/CVE-2023-26770.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-26770",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-26770",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/JordanKnott/taskcafe",
+ "refsource": "MISC",
+ "name": "https://github.com/JordanKnott/taskcafe"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory",
+ "url": "https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory"
 }
 ]
 }
diff --git a/2023/26xxx/CVE-2023-26771.json b/2023/26xxx/CVE-2023-26771.json
index 48c35f41db2..eeb2d06a875 100644
--- a/2023/26xxx/CVE-2023-26771.json
+++ b/2023/26xxx/CVE-2023-26771.json
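Review bot: The `affects` block for CVE-2023-26770 is published with `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` although the new description names the product and version, so tooling that matches on the structured fields will not associate this record with an installed TaskCafe 0.3.2. I would carry the values the description already states into the structure, `"product_name": "TaskCafe"` and `"version_value": "0.3.2"`; the vendor name is not stated in the description and would have to come from the assigner. The same gap is present in the CVE-2023-26771, CVE-2024-44439, CVE-2024-46077 and CVE-2024-46078 records in this commit. The first reference is the repository root rather than a fix commit or release, so the record gives a reader no fixed version to upgrade to.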
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-26771",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-26771",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/JordanKnott/taskcafe",
+ "refsource": "MISC",
+ "name": "https://github.com/JordanKnott/taskcafe"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory",
+ "url": "https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22188.json b/2024/22xxx/CVE-2024-22188.json
index f188a7058d0..457864c7aad 100644
--- a/2024/22xxx/CVE-2024-22188.json
+++ b/2024/22xxx/CVE-2024-22188.json
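Review bot: `problemtype` for CVE-2023-26771 is left as `"value": "n/a"` even though the description states the weakness class outright (Cross Site Scripting), so CWE-based filtering and reporting will skip this record. I would fill it in the way the CVE-2024-38040 record in this commit does, e.g. `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` with `"cweId": "CWE-79"`. CVE-2024-46077 (also XSS) and CVE-2024-46078 (SQL Injection, CWE-89) have the same gap. The product is also spelled "Taskcafe" here and "TaskCafe" in CVE-2023-26770; a single spelling would make text search across the two records reliable.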
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://typo3.org/help/security-advisories",
- "refsource": "MISC",
- "name": "https://typo3.org/help/security-advisories"
- },
 {
 "refsource": "MISC",
 "name": "https://typo3.org/security/advisory/typo3-core-sa-2024-002",
diff --git a/2024/37xxx/CVE-2024-37818.json b/2024/37xxx/CVE-2024-37818.json
index 092fd3a7948..247cf4a3cf0 100644
--- a/2024/37xxx/CVE-2024-37818.json
+++ b/2024/37xxx/CVE-2024-37818.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request."
+ "value": "** DISPUTED ** Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue is not valid. They contend that \"the strapi/admin was wrongly attributed a flaw that only pertains to the strapi.io website, and which, at the end of the day, does not pose any real SSRF risk to applications that make use of the Strapi library.\""
 }
 ]
 },
diff --git a/2024/38xxx/CVE-2024-38040.json b/2024/38xxx/CVE-2024-38040.json
index 4012cbdfc2d..5db434f2ab0 100644
--- a/2024/38xxx/CVE-2024-38040.json
+++ b/2024/38xxx/CVE-2024-38040.json
@@ -1,17 +1,102 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38040",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@esri.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2. 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-73: External Control of File Name or Path",
+ "cweId": "CWE-73"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Esri",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.8.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.9.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "11.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "11.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/",
+ "refsource": "MISC",
+ "name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "BUG-000167984"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/44xxx/CVE-2024-44439.json b/2024/44xxx/CVE-2024-44439.json
index 77262e7da53..722e0436390 100644
--- a/2024/44xxx/CVE-2024-44439.json
+++ b/2024/44xxx/CVE-2024-44439.json
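Review bot: The version list in `affects` for CVE-2024-38040 does not match the description: the text names 11.2, 11.1, 11.0 and 10.9.1, while `version_data` lists 10.8.1, 10.9.1, 11.1 and 11.2, so 11.0 is missing from the structured data and 10.8.1 appears only there. Whichever side is authoritative, the two should agree before publication, for example by adding `{ "version_affected": "=", "version_value": "11.0" }` if 11.0 is in fact affected; otherwise patch decisions made from one field will differ from those made from the other. The description also reads `11.2. 11.1` where a comma was presumably intended, and `"product_name": "Portal"` is shorter than the "Portal for ArcGIS" used in the text.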
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-44439",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-44439",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.notion.so/f7da442e0f8a40fc846eea495dcdd329?pvs=4",
+ "refsource": "MISC",
+ "name": "https://www.notion.so/f7da442e0f8a40fc846eea495dcdd329?pvs=4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://smiling-lemonade-122.notion.site/f7da442e0f8a40fc846eea495dcdd329",
+ "url": "https://smiling-lemonade-122.notion.site/f7da442e0f8a40fc846eea495dcdd329"
 }
 ]
 }
diff --git a/2024/46xxx/CVE-2024-46077.json b/2024/46xxx/CVE-2024-46077.json
index e5df16a9cbd..396ab9fa2b6 100644
--- a/2024/46xxx/CVE-2024-46077.json
+++ b/2024/46xxx/CVE-2024-46077.json
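Review bot: Both entries in `reference_data` for CVE-2024-44439 carry the same Notion page id (`f7da442e0f8a40fc846eea495dcdd329`), once on notion.so with a `?pvs=4` query string and once on a notion.site subdomain, so the record effectively rests on a single, author-editable source. I would keep only the notion.site URL and, if one exists, add a vendor advisory or an archived copy so the evidence cannot change silently after publication. The description's "via the open port" names neither the port nor the service, which leaves a defender nothing to scope an exposure check or a firewall rule against; that detail belongs in the description text.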
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-46077",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-46077",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46077.md",
+ "url": "https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46077.md"
 }
 ]
 }
diff --git a/2024/46xxx/CVE-2024-46078.json b/2024/46xxx/CVE-2024-46078.json
index 07f6c57ff48..64873bc959d 100644
--- a/2024/46xxx/CVE-2024-46078.json
+++ b/2024/46xxx/CVE-2024-46078.json
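Review bot: The first reference added for CVE-2024-46077, `"url": "https://packetstormsecurity.com"`, is a site root rather than an entry about this issue, which is the same kind of generic link this commit removes from CVE-2024-22188 (`https://typo3.org/help/security-advisories`). It should be dropped or replaced with the specific page it was meant to cite, since a reader following it learns nothing about the vulnerability. Neither remaining reference appears to come from the vendor, and the description gives no fixed version, so a consumer cannot tell from this record whether a fix exists.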
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-46078",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-46078",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46078.md",
+ "url": "https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46078.md"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9539.json b/2024/9xxx/CVE-2024-9539.json
new file mode 100644
index 00000000000..f5fafc7e653
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9539.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9539",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9540.json b/2024/9xxx/CVE-2024-9540.json
new file mode 100644
index 00000000000..a4bd29e27bf
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9540.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9540",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9541.json b/2024/9xxx/CVE-2024-9541.json
new file mode 100644
index 00000000000..55dc24cc646
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9541.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9541",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file