diff --git a/2021/41xxx/CVE-2021-41372.json b/2021/41xxx/CVE-2021-41372.json
index bb5fb3db3eb..23b02be0a96 100644
--- a/2021/41xxx/CVE-2021-41372.json
+++ b/2021/41xxx/CVE-2021-41372.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.
\nCombining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded.
\nThe security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.
\n"
+ "value": "A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.\nCombining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded.\nThe security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.\n"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42306.json b/2021/42xxx/CVE-2021-42306.json
index 884ab8343bf..abe1bd10d5f 100644
--- a/2021/42xxx/CVE-2021-42306.json
+++ b/2021/42xxx/CVE-2021-42306.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential\u202f on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.
\nAzure AD\u202faddressed this vulnerability by preventing disclosure of any private key\u202fvalues added\u202fto the application.
\nMicrosoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.
\nFor more details on this issue, please refer to the MSRC Blog Entry.
\n"
+ "value": "An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential\u202f on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.\nAzure AD\u202faddressed this vulnerability by preventing disclosure of any private key\u202fvalues added\u202fto the application.\nMicrosoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.\nFor more details on this issue, please refer to the MSRC Blog Entry.\n"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0841.json b/2023/0xxx/CVE-2023-0841.json
index 40f27ec64f2..707bd76911a 100644
--- a/2023/0xxx/CVE-2023-0841.json
+++ b/2023/0xxx/CVE-2023-0841.json
@@ -72,6 +72,26 @@
 "url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3",
 "refsource": "MISC",
 "name": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw",
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"
+ },
+ {
+ "url": "https://github.com/gpac/gpac/releases/tag/v2.2.1",
+ "refsource": "MISC",
+ "name": "https://github.com/gpac/gpac/releases/tag/v2.2.1"
+ },
+ {
+ "url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4",
+ "refsource": "MISC",
+ "name": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"
+ },
+ {
+ "url": "https://github.com/gpac/gpac/issues/2396",
+ "refsource": "MISC",
+ "name": "https://github.com/gpac/gpac/issues/2396"
 }
 ]
 },
diff --git a/2023/30xxx/CVE-2023-30313.json b/2023/30xxx/CVE-2023-30313.json
index b15b6b7bb29..238a756cd7d 100644
--- a/2023/30xxx/CVE-2023-30313.json
+++ b/2023/30xxx/CVE-2023-30313.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-30313",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-30313",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",
+ "url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/"
 }
 ]
 }
diff --git a/2023/52xxx/CVE-2023-52474.json b/2023/52xxx/CVE-2023-52474.json
index b8bbd117e10..09c2c5a43d0 100644
--- a/2023/52xxx/CVE-2023-52474.json
+++ b/2023/52xxx/CVE-2023-52474.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-b01c2a820106"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52475.json b/2023/52xxx/CVE-2023-52475.json
index ffbbd2c49a1..4e3fd983857 100644
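Review bot: In 2023/30xxx/CVE-2023-30313.json the added `affects` block publishes `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description in the same hunk names Wavlink QUANTUM D2G routers, so consumers that match assets on the structured fields will not associate this record with the device. I would fill them from the description, `"vendor_name": "Wavlink"` and `"product_name": "QUANTUM D2G"`, and replace the `"n/a"` problemtype with a CWE entry once one is chosen. The description also gives no affected firmware range, so `"version_value": "n/a"` leaves readers unable to tell whether any release is unaffected. The same gap applies to the 2024/22xxx/CVE-2024-22641.json hunk, whose description names TCPDF 6.6.5 and earlier while `affects` is entirely `"n/a"`.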
--- a/2023/52xxx/CVE-2023-52475.json
+++ b/2023/52xxx/CVE-2023-52475.json
@@ -153,6 +153,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52476.json b/2023/52xxx/CVE-2023-52476.json
index b1709712252..223f838f6db 100644
--- a/2023/52xxx/CVE-2023-52476.json
+++ b/2023/52xxx/CVE-2023-52476.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52477.json b/2023/52xxx/CVE-2023-52477.json
index 996dc5b026a..fdc1af16e35 100644
--- a/2023/52xxx/CVE-2023-52477.json
+++ b/2023/52xxx/CVE-2023-52477.json
@@ -153,6 +153,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52478.json b/2023/52xxx/CVE-2023-52478.json
index ed4f791beb2..1e672821cf3 100644
--- a/2023/52xxx/CVE-2023-52478.json
+++ b/2023/52xxx/CVE-2023-52478.json
@@ -153,6 +153,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52479.json b/2023/52xxx/CVE-2023-52479.json
index 0f03a15f77d..e55c1e342d5 100644
--- a/2023/52xxx/CVE-2023-52479.json
+++ b/2023/52xxx/CVE-2023-52479.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52480.json b/2023/52xxx/CVE-2023-52480.json
index 512392590df..c64c2a59506 100644
--- a/2023/52xxx/CVE-2023-52480.json
+++ b/2023/52xxx/CVE-2023-52480.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52481.json b/2023/52xxx/CVE-2023-52481.json
index 79d4544ade8..652a9020ec7 100644
--- a/2023/52xxx/CVE-2023-52481.json
+++ b/2023/52xxx/CVE-2023-52481.json
@@ -98,6 +98,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52482.json b/2023/52xxx/CVE-2023-52482.json
index 69d56dd8ec0..7c43b764a98 100644
--- a/2023/52xxx/CVE-2023-52482.json
+++ b/2023/52xxx/CVE-2023-52482.json
@@ -120,6 +120,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-d175d3acf727"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52483.json b/2023/52xxx/CVE-2023-52483.json
index 2cb6725845b..055e684ffeb 100644
--- a/2023/52xxx/CVE-2023-52483.json
+++ b/2023/52xxx/CVE-2023-52483.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52484.json b/2023/52xxx/CVE-2023-52484.json
index 5e39967e884..96e02e2f2a6 100644
--- a/2023/52xxx/CVE-2023-52484.json
+++ b/2023/52xxx/CVE-2023-52484.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-c298863b1525"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52485.json b/2023/52xxx/CVE-2023-52485.json
index f2bbf586209..745563a266b 100644
--- a/2023/52xxx/CVE-2023-52485.json
+++ b/2023/52xxx/CVE-2023-52485.json
@@ -87,6 +87,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52486.json b/2023/52xxx/CVE-2023-52486.json
index 08b8dd2aa19..8306a3eff8e 100644
--- a/2023/52xxx/CVE-2023-52486.json
+++ b/2023/52xxx/CVE-2023-52486.json
@@ -153,6 +153,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52487.json b/2023/52xxx/CVE-2023-52487.json
index 23b3abad197..bba681b1247 100644
--- a/2023/52xxx/CVE-2023-52487.json
+++ b/2023/52xxx/CVE-2023-52487.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52488.json b/2023/52xxx/CVE-2023-52488.json
index 8b443635781..6fb6c0d954c 100644
--- a/2023/52xxx/CVE-2023-52488.json
+++ b/2023/52xxx/CVE-2023-52488.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-d175d3acf727"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52489.json b/2023/52xxx/CVE-2023-52489.json
index e24e3c78825..c5d8febfb66 100644
--- a/2023/52xxx/CVE-2023-52489.json
+++ b/2023/52xxx/CVE-2023-52489.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52490.json b/2023/52xxx/CVE-2023-52490.json
index 37dc32de648..9be319f12c4 100644
--- a/2023/52xxx/CVE-2023-52490.json
+++ b/2023/52xxx/CVE-2023-52490.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52491.json b/2023/52xxx/CVE-2023-52491.json
index 05847585760..868c0d4b705 100644
--- a/2023/52xxx/CVE-2023-52491.json
+++ b/2023/52xxx/CVE-2023-52491.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52492.json b/2023/52xxx/CVE-2023-52492.json
index 69c455ee70e..5dde75f0820 100644
--- a/2023/52xxx/CVE-2023-52492.json
+++ b/2023/52xxx/CVE-2023-52492.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52493.json b/2023/52xxx/CVE-2023-52493.json
index d5469fca206..bb3fb3e91be 100644
--- a/2023/52xxx/CVE-2023-52493.json
+++ b/2023/52xxx/CVE-2023-52493.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52494.json b/2023/52xxx/CVE-2023-52494.json
index c4507d37df9..1cca948d677 100644
--- a/2023/52xxx/CVE-2023-52494.json
+++ b/2023/52xxx/CVE-2023-52494.json
@@ -130,6 +130,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52495.json b/2023/52xxx/CVE-2023-52495.json
index 400f75725c8..af126dbaa58 100644
--- a/2023/52xxx/CVE-2023-52495.json
+++ b/2023/52xxx/CVE-2023-52495.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52497.json b/2023/52xxx/CVE-2023-52497.json
index 1aa35bdc24e..7f4ba0088a3 100644
--- a/2023/52xxx/CVE-2023-52497.json
+++ b/2023/52xxx/CVE-2023-52497.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f0117140d9a"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52498.json b/2023/52xxx/CVE-2023-52498.json
index 59d4d1d5e3a..21ae58a43a9 100644
--- a/2023/52xxx/CVE-2023-52498.json
+++ b/2023/52xxx/CVE-2023-52498.json
@@ -131,6 +131,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52499.json b/2023/52xxx/CVE-2023-52499.json
index 49f974faf10..ce03d2a965d 100644
--- a/2023/52xxx/CVE-2023-52499.json
+++ b/2023/52xxx/CVE-2023-52499.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52500.json b/2023/52xxx/CVE-2023-52500.json
index 2695a35e301..e7d9c72282e 100644
--- a/2023/52xxx/CVE-2023-52500.json
+++ b/2023/52xxx/CVE-2023-52500.json
@@ -120,6 +120,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52501.json b/2023/52xxx/CVE-2023-52501.json
index 760b337bc67..7d9ffb6b027 100644
--- a/2023/52xxx/CVE-2023-52501.json
+++ b/2023/52xxx/CVE-2023-52501.json
@@ -120,6 +120,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52502.json b/2023/52xxx/CVE-2023-52502.json
index fe5b3dadf16..44db375e72a 100644
--- a/2023/52xxx/CVE-2023-52502.json
+++ b/2023/52xxx/CVE-2023-52502.json
@@ -152,6 +152,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52503.json b/2023/52xxx/CVE-2023-52503.json
index 919dae32c80..d4b2cf852b6 100644
--- a/2023/52xxx/CVE-2023-52503.json
+++ b/2023/52xxx/CVE-2023-52503.json
@@ -130,6 +130,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52504.json b/2023/52xxx/CVE-2023-52504.json
index 9d211c1a3eb..b22c6d5e063 100644
--- a/2023/52xxx/CVE-2023-52504.json
+++ b/2023/52xxx/CVE-2023-52504.json
@@ -152,6 +152,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52505.json b/2023/52xxx/CVE-2023-52505.json
index a42cdd138a6..2267d8b67fd 100644
--- a/2023/52xxx/CVE-2023-52505.json
+++ b/2023/52xxx/CVE-2023-52505.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52506.json b/2023/52xxx/CVE-2023-52506.json
index beb237e08f1..5d6081a334b 100644
--- a/2023/52xxx/CVE-2023-52506.json
+++ b/2023/52xxx/CVE-2023-52506.json
@@ -98,6 +98,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52507.json b/2023/52xxx/CVE-2023-52507.json
index e9a2e126bae..d4bf0e4e8f6 100644
--- a/2023/52xxx/CVE-2023-52507.json
+++ b/2023/52xxx/CVE-2023-52507.json
@@ -163,6 +163,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52508.json b/2023/52xxx/CVE-2023-52508.json
index d2c449fc237..57d89cfd01e 100644
--- a/2023/52xxx/CVE-2023-52508.json
+++ b/2023/52xxx/CVE-2023-52508.json
@@ -98,6 +98,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52509.json b/2023/52xxx/CVE-2023-52509.json
index f4a35f23746..47131a6626f 100644
--- a/2023/52xxx/CVE-2023-52509.json
+++ b/2023/52xxx/CVE-2023-52509.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52510.json b/2023/52xxx/CVE-2023-52510.json
index d6b07ed2a12..d18d457a0ab 100644
--- a/2023/52xxx/CVE-2023-52510.json
+++ b/2023/52xxx/CVE-2023-52510.json
@@ -163,6 +163,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52511.json b/2023/52xxx/CVE-2023-52511.json
index 2448bb1554f..ac5b6fe594d 100644
--- a/2023/52xxx/CVE-2023-52511.json
+++ b/2023/52xxx/CVE-2023-52511.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52512.json b/2023/52xxx/CVE-2023-52512.json
index 8aab17cc231..696bf5b054f 100644
--- a/2023/52xxx/CVE-2023-52512.json
+++ b/2023/52xxx/CVE-2023-52512.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52513.json b/2023/52xxx/CVE-2023-52513.json
index 3370718f9be..043f870416f 100644
--- a/2023/52xxx/CVE-2023-52513.json
+++ b/2023/52xxx/CVE-2023-52513.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52515.json b/2023/52xxx/CVE-2023-52515.json
index bf4a51b0c60..567150d7848 100644
--- a/2023/52xxx/CVE-2023-52515.json
+++ b/2023/52xxx/CVE-2023-52515.json
@@ -130,6 +130,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52516.json b/2023/52xxx/CVE-2023-52516.json
index 3c82db55bda..b5a4807655b 100644
--- a/2023/52xxx/CVE-2023-52516.json
+++ b/2023/52xxx/CVE-2023-52516.json
@@ -120,6 +120,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52517.json b/2023/52xxx/CVE-2023-52517.json
index a34013a5621..fd515c10ada 100644
--- a/2023/52xxx/CVE-2023-52517.json
+++ b/2023/52xxx/CVE-2023-52517.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52518.json b/2023/52xxx/CVE-2023-52518.json
index 3c380f70690..ec67074fe13 100644
--- a/2023/52xxx/CVE-2023-52518.json
+++ b/2023/52xxx/CVE-2023-52518.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52519.json b/2023/52xxx/CVE-2023-52519.json
index 0c06e6c27bd..ba3aa2c0835 100644
--- a/2023/52xxx/CVE-2023-52519.json
+++ b/2023/52xxx/CVE-2023-52519.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52520.json b/2023/52xxx/CVE-2023-52520.json
index 523f98fe4c4..a1336d4d7e1 100644
--- a/2023/52xxx/CVE-2023-52520.json
+++ b/2023/52xxx/CVE-2023-52520.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52522.json b/2023/52xxx/CVE-2023-52522.json
index 01c90aaccd8..c8d858c5cc8 100644
--- a/2023/52xxx/CVE-2023-52522.json
+++ b/2023/52xxx/CVE-2023-52522.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52523.json b/2023/52xxx/CVE-2023-52523.json
index 6852c24edfa..618c998a467 100644
--- a/2023/52xxx/CVE-2023-52523.json
+++ b/2023/52xxx/CVE-2023-52523.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52524.json b/2023/52xxx/CVE-2023-52524.json
index 4473efe1f88..08b8ab5eed7 100644
--- a/2023/52xxx/CVE-2023-52524.json
+++ b/2023/52xxx/CVE-2023-52524.json
@@ -161,6 +161,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-851b3ed3d212"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52525.json b/2023/52xxx/CVE-2023-52525.json
index f42893e686d..79edc19fb20 100644
--- a/2023/52xxx/CVE-2023-52525.json
+++ b/2023/52xxx/CVE-2023-52525.json
@@ -167,6 +167,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f0117140d9a"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52526.json b/2023/52xxx/CVE-2023-52526.json
index 27f5b985c4e..a84752ebf93 100644
--- a/2023/52xxx/CVE-2023-52526.json
+++ b/2023/52xxx/CVE-2023-52526.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52527.json b/2023/52xxx/CVE-2023-52527.json
index 4ce745ad14f..1c075c20ad7 100644
--- a/2023/52xxx/CVE-2023-52527.json
+++ b/2023/52xxx/CVE-2023-52527.json
@@ -163,6 +163,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52528.json b/2023/52xxx/CVE-2023-52528.json
index 40af8060de4..e13443a0d67 100644
--- a/2023/52xxx/CVE-2023-52528.json
+++ b/2023/52xxx/CVE-2023-52528.json
@@ -163,6 +163,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52529.json b/2023/52xxx/CVE-2023-52529.json
index 031ba379eb5..5da47e3d90a 100644
--- a/2023/52xxx/CVE-2023-52529.json
+++ b/2023/52xxx/CVE-2023-52529.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52530.json b/2023/52xxx/CVE-2023-52530.json
index 9357cfbcd6f..1fabc84d447 100644
--- a/2023/52xxx/CVE-2023-52530.json
+++ b/2023/52xxx/CVE-2023-52530.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52531.json b/2023/52xxx/CVE-2023-52531.json
index 35d48c1ab8a..6f9fd057763 100644
--- a/2023/52xxx/CVE-2023-52531.json
+++ b/2023/52xxx/CVE-2023-52531.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52532.json b/2023/52xxx/CVE-2023-52532.json
index 2db86f5c5ec..72589110053 100644
--- a/2023/52xxx/CVE-2023-52532.json
+++ b/2023/52xxx/CVE-2023-52532.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52559.json b/2023/52xxx/CVE-2023-52559.json
index d46fc28faee..c971f11aad0 100644
--- a/2023/52xxx/CVE-2023-52559.json
+++ b/2023/52xxx/CVE-2023-52559.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52560.json b/2023/52xxx/CVE-2023-52560.json
index 71439c0ba44..b55005a727c 100644
--- a/2023/52xxx/CVE-2023-52560.json
+++ b/2023/52xxx/CVE-2023-52560.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52561.json b/2023/52xxx/CVE-2023-52561.json
index 0f177a7e431..42cd7a40a28 100644
--- a/2023/52xxx/CVE-2023-52561.json
+++ b/2023/52xxx/CVE-2023-52561.json
@@ -98,6 +98,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52562.json b/2023/52xxx/CVE-2023-52562.json
index 03a3eca71c9..232bb90f5b5 100644
--- a/2023/52xxx/CVE-2023-52562.json
+++ b/2023/52xxx/CVE-2023-52562.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52563.json b/2023/52xxx/CVE-2023-52563.json
index 2d424cfabf4..7ea08bf1038 100644
--- a/2023/52xxx/CVE-2023-52563.json
+++ b/2023/52xxx/CVE-2023-52563.json
@@ -124,6 +124,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f0117140d9a"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52564.json b/2023/52xxx/CVE-2023-52564.json
index 5bbdf10aa88..18a1f84b17e 100644
--- a/2023/52xxx/CVE-2023-52564.json
+++ b/2023/52xxx/CVE-2023-52564.json
@@ -141,30 +141,10 @@
 "url": "https://git.kernel.org/stable/c/29346e217b8ab8a52889b88f00b268278d6b7668",
 "refsource": "MISC",
 "name": "https://git.kernel.org/stable/c/29346e217b8ab8a52889b88f00b268278d6b7668"
- },
- {
- "url": "http://www.openwall.com/lists/oss-security/2024/04/11/9",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/04/11/9"
- },
- {
- "url": "http://www.openwall.com/lists/oss-security/2024/04/11/11",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/04/11/11"
- },
- {
- "url": "http://www.openwall.com/lists/oss-security/2024/04/12/2",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/04/12/2"
- },
- {
- "url": "http://www.openwall.com/lists/oss-security/2024/04/12/1",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/04/12/1"
 }
 ]
 },
 "generator": {
- "engine": "bippy-851b3ed3d212"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52565.json b/2023/52xxx/CVE-2023-52565.json
index fe8091df81a..aba885369e4 100644
--- a/2023/52xxx/CVE-2023-52565.json
+++ b/2023/52xxx/CVE-2023-52565.json
@@ -113,6 +113,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-851b3ed3d212"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52566.json b/2023/52xxx/CVE-2023-52566.json
index fefe4efb760..acac1f1a308 100644
--- a/2023/52xxx/CVE-2023-52566.json
+++ b/2023/52xxx/CVE-2023-52566.json
@@ -163,6 +163,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52567.json b/2023/52xxx/CVE-2023-52567.json
index 7eb574c2f1c..df80f2613da 100644
--- a/2023/52xxx/CVE-2023-52567.json
+++ b/2023/52xxx/CVE-2023-52567.json
@@ -193,6 +193,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-851b3ed3d212"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52568.json b/2023/52xxx/CVE-2023-52568.json
index 0174da14af1..c054e558755 100644
--- a/2023/52xxx/CVE-2023-52568.json
+++ b/2023/52xxx/CVE-2023-52568.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52569.json b/2023/52xxx/CVE-2023-52569.json
index a0d00f137b3..380853babee 100644
--- a/2023/52xxx/CVE-2023-52569.json
+++ b/2023/52xxx/CVE-2023-52569.json
@@ -98,6 +98,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52570.json b/2023/52xxx/CVE-2023-52570.json
index b2ddf0c3451..c2729a8e389 100644
--- a/2023/52xxx/CVE-2023-52570.json
+++ b/2023/52xxx/CVE-2023-52570.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52571.json b/2023/52xxx/CVE-2023-52571.json
index 1d84345da92..f9b9515ced5 100644
--- a/2023/52xxx/CVE-2023-52571.json
+++ b/2023/52xxx/CVE-2023-52571.json
@@ -113,6 +113,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-851b3ed3d212"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52572.json b/2023/52xxx/CVE-2023-52572.json
index 66d2b3166f7..674a84b99e3 100644
--- a/2023/52xxx/CVE-2023-52572.json
+++ b/2023/52xxx/CVE-2023-52572.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52573.json b/2023/52xxx/CVE-2023-52573.json
index adcde771ee6..ca6f6fafbe5 100644
--- a/2023/52xxx/CVE-2023-52573.json
+++ b/2023/52xxx/CVE-2023-52573.json
@@ -141,6 +141,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52574.json b/2023/52xxx/CVE-2023-52574.json
index 8ad5119f3fe..e961958011e 100644
--- a/2023/52xxx/CVE-2023-52574.json
+++ b/2023/52xxx/CVE-2023-52574.json
@@ -163,6 +163,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52576.json b/2023/52xxx/CVE-2023-52576.json
index f79c415d42f..8108a679e54 100644
--- a/2023/52xxx/CVE-2023-52576.json
+++ b/2023/52xxx/CVE-2023-52576.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52577.json b/2023/52xxx/CVE-2023-52577.json
index 6fe0662fbf4..b15dd23690a 100644
--- a/2023/52xxx/CVE-2023-52577.json
+++ b/2023/52xxx/CVE-2023-52577.json
@@ -167,6 +167,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f0117140d9a"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52578.json b/2023/52xxx/CVE-2023-52578.json
index 216590e8d04..13f987d9024 100644
--- a/2023/52xxx/CVE-2023-52578.json
+++ b/2023/52xxx/CVE-2023-52578.json
@@ -152,6 +152,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52580.json b/2023/52xxx/CVE-2023-52580.json
index de0c7f13aab..7916bd1632c 100644
--- a/2023/52xxx/CVE-2023-52580.json
+++ b/2023/52xxx/CVE-2023-52580.json
@@ -119,6 +119,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52581.json b/2023/52xxx/CVE-2023-52581.json
index 998d6ad495f..9824d2b3bb9 100644
--- a/2023/52xxx/CVE-2023-52581.json
+++ b/2023/52xxx/CVE-2023-52581.json
@@ -137,6 +137,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f0117140d9a"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52582.json b/2023/52xxx/CVE-2023-52582.json
index b30ebeb1803..03e912606a0 100644
--- a/2023/52xxx/CVE-2023-52582.json
+++ b/2023/52xxx/CVE-2023-52582.json
@@ -108,6 +108,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52583.json b/2023/52xxx/CVE-2023-52583.json
index 866df525f9e..b3477bee43e 100644
--- a/2023/52xxx/CVE-2023-52583.json
+++ b/2023/52xxx/CVE-2023-52583.json
@@ -153,6 +153,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52584.json b/2023/52xxx/CVE-2023-52584.json
index c6f46f0233f..955a4fdfeb5 100644
--- a/2023/52xxx/CVE-2023-52584.json
+++ b/2023/52xxx/CVE-2023-52584.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52585.json b/2023/52xxx/CVE-2023-52585.json
index df31fd718d7..43639784253 100644
--- a/2023/52xxx/CVE-2023-52585.json
+++ b/2023/52xxx/CVE-2023-52585.json
@@ -142,6 +142,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-d175d3acf727"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52586.json b/2023/52xxx/CVE-2023-52586.json
index d6a5a2d2cee..7bcb7cce102 100644
--- a/2023/52xxx/CVE-2023-52586.json
+++ b/2023/52xxx/CVE-2023-52586.json
@@ -87,6 +87,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52587.json b/2023/52xxx/CVE-2023-52587.json
index f2bb3afc1a1..5cc7dc10e76 100644
--- a/2023/52xxx/CVE-2023-52587.json
+++ b/2023/52xxx/CVE-2023-52587.json
@@ -153,6 +153,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52588.json b/2023/52xxx/CVE-2023-52588.json
index d019cd6839e..eb8413c9ac1 100644
--- a/2023/52xxx/CVE-2023-52588.json
+++ b/2023/52xxx/CVE-2023-52588.json
@@ -120,6 +120,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52589.json b/2023/52xxx/CVE-2023-52589.json
index 3acbfb41871..bca171f45ba 100644
--- a/2023/52xxx/CVE-2023-52589.json
+++ b/2023/52xxx/CVE-2023-52589.json
@@ -109,6 +109,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-a5840b7849dd"
 }
 }
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22641.json b/2024/22xxx/CVE-2024-22641.json
index b395cc9bab4..0567f522af4 100644
--- a/2024/22xxx/CVE-2024-22641.json
+++ b/2024/22xxx/CVE-2024-22641.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-22641",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-22641",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/zunak/CVE-2024-22641",
+ "url": "https://github.com/zunak/CVE-2024-22641"
 }
 ]
 }
diff --git a/2024/35xxx/CVE-2024-35239.json b/2024/35xxx/CVE-2024-35239.json
index b8d423ada7e..441e5613f96 100644
--- a/2024/35xxx/CVE-2024-35239.json
+++ b/2024/35xxx/CVE-2024-35239.json
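Review bot: The added `affects` block sets `product_name`, `version_value` and `vendor_name` to `n/a` even though the description names the product and the affected range, so tooling that matches on the structured fields will not tie this record to TCPDF. The fields could carry what the description already states, e.g. `"product_name": "TCPDF"` with `"version_affected": "<="` and `"version_value": "6.6.5"`, and `problemtype` could name the weakness class instead of `n/a` (ReDoS is normally filed as CWE-1333). The only reference is tagged `"refsource": "CONFIRM"` but points at a repository named after the CVE id rather than a page that is visibly vendor-controlled; `"refsource": "MISC"` looks more accurate unless the vendor has acknowledged the report. The same `n/a` placeholders appear in the CVE-2024-35511 and CVE-2024-35548 records later in this diff.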
@@ -1,17 +1,117 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-35239",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "umbraco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Umbraco.Forms.Issues",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 13.0.0, < 13.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 12.0.0, < 12.2.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 10.0.0, < 10.5.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 8.13.13 "
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4",
+ "refsource": "MISC",
+ "name": "https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4"
+ },
+ {
+ "url": "https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values",
+ "refsource": "MISC",
+ "name": "https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values"
+ },
+ {
+ "url": "https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024",
+ "refsource": "MISC",
+ "name": "https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024"
+ },
+ {
+ "url": "https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes",
+ "refsource": "MISC",
+ "name": "https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes"
+ },
+ {
+ "url": "https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024",
+ "refsource": "MISC",
+ "name": "https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-p572-p2rj-q5f4",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/35xxx/CVE-2024-35240.json b/2024/35xxx/CVE-2024-35240.json
index 53fbed58ac0..f434fedd96d 100644
--- a/2024/35xxx/CVE-2024-35240.json
+++ b/2024/35xxx/CVE-2024-35240.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-35240",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "umbraco",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Umbraco.Commerce.Issues",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 12.0.0, < 12.1.4"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 10.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w",
+ "refsource": "MISC",
+ "name": "https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w"
+ },
+ {
+ "url": "https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023",
+ "refsource": "MISC",
+ "name": "https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rpj9-xjwm-wr6w",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/35xxx/CVE-2024-35511.json b/2024/35xxx/CVE-2024-35511.json
index 5024d22d0ce..ed8bbc85d2c 100644
--- a/2024/35xxx/CVE-2024-35511.json
+++ b/2024/35xxx/CVE-2024-35511.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-35511",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-35511",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the \"username\" parameter of /msms/admin/index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/efekaanakkar/CVE-2024-35511/blob/main/Men%20Salon%20Management%20System%20Using%20PHP%20and%20MySQL.md",
+ "url": "https://github.com/efekaanakkar/CVE-2024-35511/blob/main/Men%20Salon%20Management%20System%20Using%20PHP%20and%20MySQL.md"
 }
 ]
 }
diff --git a/2024/35xxx/CVE-2024-35548.json b/2024/35xxx/CVE-2024-35548.json
index 145b600177a..7e77a82b13d 100644
--- a/2024/35xxx/CVE-2024-35548.json
+++ b/2024/35xxx/CVE-2024-35548.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-35548",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-35548",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/baomidou/mybatis-plus/issues/6167",
+ "url": "https://github.com/baomidou/mybatis-plus/issues/6167"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5450.json b/2024/5xxx/CVE-2024-5450.json
new file mode 100644
index 00000000000..f85b9709543
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5450.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5450",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5451.json b/2024/5xxx/CVE-2024-5451.json
new file mode 100644
index 00000000000..12f08f8b194
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5451.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5451",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file