admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-22 22:00:31 +00:00
parent 8b27eb143b
commit 996a320c89
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
26 changed files with 1629 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
2024/10xxx/CVE-2024-10229.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "130.0.6723.69",
"version_value": "130.0.6723.69"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html"
},
{
"url": "https://issues.chromium.org/issues/371011220",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/371011220"
}
]
}

60
2024/10xxx/CVE-2024-10230.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "130.0.6723.69",
"version_value": "130.0.6723.69"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html"
},
{
"url": "https://issues.chromium.org/issues/371565065",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/371565065"
}
]
}

60
2024/10xxx/CVE-2024-10231.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "130.0.6723.69",
"version_value": "130.0.6723.69"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html"
},
{
"url": "https://issues.chromium.org/issues/372269618",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/372269618"
}
]
}

18
2024/10xxx/CVE-2024-10265.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10266.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10267.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2024/26xxx/CVE-2024-26519.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-26519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router/",
"url": "https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router/"
}
]
}

61
2024/31xxx/CVE-2024-31029.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/keith-cullen/FreeCoAP/issues/36",
"refsource": "MISC",
"name": "https://github.com/keith-cullen/FreeCoAP/issues/36"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/dqp10515/41ec400b7eecfcae7578d505598ab85f",
"url": "https://gist.github.com/dqp10515/41ec400b7eecfcae7578d505598ab85f"
}
]
}

61
2024/40xxx/CVE-2024-40493.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-40493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/keith-cullen/FreeCoAP/issues/37",
"refsource": "MISC",
"name": "https://github.com/keith-cullen/FreeCoAP/issues/37"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4",
"url": "https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4"
}
]
}

61
2024/40xxx/CVE-2024-40494.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-40494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dqp10515/security/tree/main/FreeCoAP_bug",
"refsource": "MISC",
"name": "https://github.com/dqp10515/security/tree/main/FreeCoAP_bug"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113",
"url": "https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113"
}
]
}

214
2024/41xxx/CVE-2024-41717.json
View File

@ -1,17 +1,223 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41717",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kieback & Peter's DDC4000 series\u00a0is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Path Traversal",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kieback & Peter",
"product": {
"product_data": [
{
"product_name": "DDC4040e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
}
]
}
},
{
"vendor_name": "Kieback&Peter",
"product": {
"product_data": [
{
"product_name": "DDC4020e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4400e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4200e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4002e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4400",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4200-L",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.7.4"
}
]
}
},
{
"product_name": "DDC4002",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-291-05",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Kieback&amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.</p>\n<p>Kieback&amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.</p>\n<p>Kieback&amp;Peter recommends all affected users contact their local \nKieback&amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.</p>\n\n<br>"
}
],
"value": "Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback&Peter recommends all affected users contact their local \nKieback&Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

56
2024/42xxx/CVE-2024-42643.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/pymumu/smartdns/issues/1779",
"refsource": "MISC",
"name": "https://github.com/pymumu/smartdns/issues/1779"
}
]
}

207
2024/43xxx/CVE-2024-43698.json
View File

@ -1,17 +1,216 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kieback & Peter's DDC4000 series\u00a0uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1391 Use of Weak Credentials",
"cweId": "CWE-1391"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kieback&Peter",
"product": {
"product_data": [
{
"product_name": "DDC4040e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4020e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4400e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4200e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4002e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4400",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4200-L",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.7.4"
}
]
}
},
{
"product_name": "DDC4002",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-291-05",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Kieback&amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.</p>\n<p>Kieback&amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.</p>\n<p>Kieback&amp;Peter recommends all affected users contact their local \nKieback&amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.</p>\n\n<br>"
}
],
"value": "Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback&Peter recommends all affected users contact their local \nKieback&Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

207
2024/43xxx/CVE-2024-43812.json
View File

@ -1,17 +1,216 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kieback & Peter's DDC4000 series\u00a0has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kieback&Peter",
"product": {
"product_data": [
{
"product_name": "DDC4040e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4020e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4400e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4200e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4002e",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.17.6"
}
]
}
},
{
"product_name": "DDC4400",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4200-L",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
},
{
"product_name": "DDC4100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.7.4"
}
]
}
},
{
"product_name": "DDC4002",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.12.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-291-05",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Kieback&amp;Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.</p>\n<p>Kieback&amp;Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.</p>\n<p>Kieback&amp;Peter recommends all affected users contact their local \nKieback&amp;Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later.</p>\n\n<br>"
}
],
"value": "Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 \ncontrollers are considered End-of-Life (EOL) and are no longer \nsupported. Users operating these controllers should ensure they are \noperated in a strictly separate OT environment and consider updating to a\n supported controller.\n\n\nKieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.\n\n\nKieback&Peter recommends all affected users contact their local \nKieback&Peter office to update the firmware of the supported DDC \nsystems to v1.21.0 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Raphael Ruf of terreActive AG reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

61
2024/44xxx/CVE-2024-44331.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dqp10515/security/tree/main/gst-rtsp-server_bug/bug1",
"refsource": "MISC",
"name": "https://github.com/dqp10515/security/tree/main/gst-rtsp-server_bug/bug1"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/dqp10515/c6a8879bebe92d8c74f7c52667fd3400",
"url": "https://gist.github.com/dqp10515/c6a8879bebe92d8c74f7c52667fd3400"
}
]
}

56
2024/44xxx/CVE-2024-44812.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/b1u3st0rm/CVE-2024-44812-PoC",
"url": "https://github.com/b1u3st0rm/CVE-2024-44812-PoC"
}
]
}

20
2024/45xxx/CVE-2024-45519.json
View File

@ -61,6 +61,26 @@
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"
},
{
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"
},
{
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"
},
{
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"
},
{
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes"
}
]
},

56
2024/45xxx/CVE-2024-45526.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf",
"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf"
}
]
}

56
2024/46xxx/CVE-2024-46482.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-46482",
"url": "https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-46482"
}
]
}

56
2024/46xxx/CVE-2024-46483.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/kn32/cve-2024-46483",
"url": "https://github.com/kn32/cve-2024-46483"
}
]
}

4
2024/46xxx/CVE-2024-46914.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-46914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

56
2024/48xxx/CVE-2024-48415.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/khaliquesX/CVE-2024-48415/blob/main/README.md",
"url": "https://github.com/khaliquesX/CVE-2024-48415/blob/main/README.md"
}
]
}

56
2024/48xxx/CVE-2024-48644.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/rosembergpro/CVE-2024-48644",
"url": "https://github.com/rosembergpro/CVE-2024-48644"
}
]
}

56
2024/48xxx/CVE-2024-48652.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/paragbagul111/CVE-2024-48652/",
"url": "https://github.com/paragbagul111/CVE-2024-48652/"
}
]
}

56
2024/48xxx/CVE-2024-48656.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/LeiPudd/Student-Management-System-v1.0-has-Cross-site-Scripting-XSS-",
"url": "https://github.com/LeiPudd/Student-Management-System-v1.0-has-Cross-site-Scripting-XSS-"
}
]
}

56
2024/48xxx/CVE-2024-48657.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/LeiPudd/Hospital-Management-System-v1.0-has-SQL-Injection-SQLDET-",
"url": "https://github.com/LeiPudd/Hospital-Management-System-v1.0-has-SQL-Injection-SQLDET-"
}
]
}