From a23a145a4f441938ef55811f1a1eb717daec6ab8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 23 Aug 2024 17:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/32xxx/CVE-2024-32501.json | 61 +++++++++++++++++-- 2024/33xxx/CVE-2024-33852.json | 61 +++++++++++++++++-- 2024/33xxx/CVE-2024-33853.json | 61 +++++++++++++++++-- 2024/33xxx/CVE-2024-33854.json | 61 +++++++++++++++++-- 2024/36xxx/CVE-2024-36474.json | 18 ++++++ 2024/39xxx/CVE-2024-39841.json | 61 +++++++++++++++++-- 2024/41xxx/CVE-2024-41841.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41842.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41843.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41844.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41845.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41846.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41847.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41848.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41849.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41875.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41876.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41877.json | 103 +++++++++++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41878.json | 103 +++++++++++++++++++++++++++++++-- 2024/42xxx/CVE-2024-42415.json | 18 ++++++ 2024/42xxx/CVE-2024-42531.json | 61 +++++++++++++++++-- 2024/43xxx/CVE-2024-43794.json | 85 +++++++++++++++++++++++++-- 2024/44xxx/CVE-2024-44386.json | 56 ++++++++++++++++-- 2024/44xxx/CVE-2024-44387.json | 56 ++++++++++++++++-- 2024/44xxx/CVE-2024-44390.json | 56 ++++++++++++++++-- 25 files changed, 1884 insertions(+), 110 deletions(-) create mode 100644 2024/36xxx/CVE-2024-36474.json create mode 100644 2024/42xxx/CVE-2024-42415.json 
diff --git a/2024/32xxx/CVE-2024-32501.json b/2024/32xxx/CVE-2024-32501.json index 0dc28d98c32..b7cb347213f 100644 --- a/2024/32xxx/CVE-2024-32501.json +++ b/2024/32xxx/CVE-2024-32501.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32501", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32501", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://centreon.com", + "refsource": "MISC", + "name": "https://centreon.com" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ] } diff --git a/2024/33xxx/CVE-2024-33852.json b/2024/33xxx/CVE-2024-33852.json index 2010171686c..65c32c28878 100644 --- a/2024/33xxx/CVE-2024-33852.json +++ b/2024/33xxx/CVE-2024-33852.json 
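Review bot: The published record for CVE-2024-32501 names a SQL injection in its description but leaves `problemtype` as `"value": "n/a"` and both `vendor_name` and `product_name` as `"n/a"`, so tooling that triages by CWE or matches records against an asset inventory cannot pick this entry up from its structured fields. These can be filled from what the description already states, e.g. `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`, `"vendor_name": "Centreon"` and `"product_name": "Centreon Web"`, with the four fixed-version boundaries as separate `version_data` entries. The same gap is in the hunks for CVE-2024-33852, CVE-2024-33853, CVE-2024-33854 and CVE-2024-39841. Until it is closed, consumers have to parse the free-text description to learn which Centreon Web branches are affected.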
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-33852", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-33852", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/centreon/centreon/releases", + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ] } diff --git a/2024/33xxx/CVE-2024-33853.json b/2024/33xxx/CVE-2024-33853.json index 19dee0cff61..0c261364f9e 100644 --- a/2024/33xxx/CVE-2024-33853.json +++ b/2024/33xxx/CVE-2024-33853.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-33853", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-33853", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/centreon/centreon/releases", + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ] } diff --git a/2024/33xxx/CVE-2024-33854.json b/2024/33xxx/CVE-2024-33854.json index e6af138e4e8..c786d6d6ae0 100644 --- a/2024/33xxx/CVE-2024-33854.json +++ b/2024/33xxx/CVE-2024-33854.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-33854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-33854", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/centreon/centreon/releases", + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ] } diff --git a/2024/36xxx/CVE-2024-36474.json b/2024/36xxx/CVE-2024-36474.json new file mode 100644 index 00000000000..570de61d238 --- /dev/null +++ b/2024/36xxx/CVE-2024-36474.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-36474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39841.json b/2024/39xxx/CVE-2024-39841.json index aebcec0cc40..9cbae6ca9d4 100644 --- a/2024/39xxx/CVE-2024-39841.json +++ b/2024/39xxx/CVE-2024-39841.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-39841", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-39841", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/centreon/centreon/releases", + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ] } diff --git a/2024/41xxx/CVE-2024-41841.json b/2024/41xxx/CVE-2024-41841.json index 3cad658def8..6721b5617be 100644 --- a/2024/41xxx/CVE-2024-41841.json +++ b/2024/41xxx/CVE-2024-41841.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41841", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41842.json b/2024/41xxx/CVE-2024-41842.json index 53f6007391f..fdd995a30b9 100644 --- a/2024/41xxx/CVE-2024-41842.json +++ b/2024/41xxx/CVE-2024-41842.json 
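Review bot: In `version_data` for CVE-2024-41841 the only 4.0-format field is `"version_value": "not down converted"`, so a consumer that reads the legacy fields gets no usable version for Adobe Experience Manager; the real bound (`lessThanOrEqual` 6.5.20) sits only in the `x_cve_json_5_version_data` extension. A simple upper bound like this one looks expressible in the 4.0 schema as `"version_affected": "<="` with `"version_value": "6.5.20"`. If the placeholder is emitted deliberately by the down-converter, any scanner or matching job fed from this file should be checked to read the extension block instead of `version_value`. The same placeholder appears in the hunks for CVE-2024-41842 through CVE-2024-41847.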
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 4.8, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "HIGH", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "HIGH", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 4.8, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41843.json b/2024/41xxx/CVE-2024-41843.json index 3c11140f2fb..2e0ab50dd84 100644 --- a/2024/41xxx/CVE-2024-41843.json +++ b/2024/41xxx/CVE-2024-41843.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41844.json b/2024/41xxx/CVE-2024-41844.json index 7f80b85c0ce..03c517bcff1 100644 --- a/2024/41xxx/CVE-2024-41844.json +++ b/2024/41xxx/CVE-2024-41844.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41845.json b/2024/41xxx/CVE-2024-41845.json index 4ba79a2d6d2..b6a891f83e0 100644 --- a/2024/41xxx/CVE-2024-41845.json +++ b/2024/41xxx/CVE-2024-41845.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41845", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41846.json b/2024/41xxx/CVE-2024-41846.json index 9522dbc4c8c..39aed03b679 100644 --- a/2024/41xxx/CVE-2024-41846.json +++ b/2024/41xxx/CVE-2024-41846.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41847.json b/2024/41xxx/CVE-2024-41847.json index 3d7a8a54fe8..16911d716c3 100644 --- a/2024/41xxx/CVE-2024-41847.json +++ b/2024/41xxx/CVE-2024-41847.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41848.json b/2024/41xxx/CVE-2024-41848.json index b3f00723276..2b4aabd239f 100644 --- a/2024/41xxx/CVE-2024-41848.json +++ b/2024/41xxx/CVE-2024-41848.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41849.json b/2024/41xxx/CVE-2024-41849.json index c153a772a04..57f4af8c35d 100644 --- a/2024/41xxx/CVE-2024-41849.json +++ b/2024/41xxx/CVE-2024-41849.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": 
"NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 4.1, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 4.1, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41875.json b/2024/41xxx/CVE-2024-41875.json index 5c0b0cfecbc..a186d2676a6 100644 --- a/2024/41xxx/CVE-2024-41875.json +++ b/2024/41xxx/CVE-2024-41875.json 
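Review bot: The new description for CVE-2024-41849 reads `An low-privileged attacker`; it should be `A low-privileged attacker`. The text also says the flaw "could lead to a security feature bypass" without naming the feature, so triage has to rely on the vector (`C:N/I:L`) and the linked bulletin. Naming the bypassed control in the description would make the record usable on its own.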
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41875", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41876.json b/2024/41xxx/CVE-2024-41876.json index 4aa232c3dec..ff0f805961d 100644 --- a/2024/41xxx/CVE-2024-41876.json +++ b/2024/41xxx/CVE-2024-41876.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.20", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41877.json b/2024/41xxx/CVE-2024-41877.json index 810a06c09a0..8b313fc597f 100644 --- a/2024/41xxx/CVE-2024-41877.json +++ b/2024/41xxx/CVE-2024-41877.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.19", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41878.json b/2024/41xxx/CVE-2024-41878.json index 3d0c875c873..02d210070f1 100644 --- a/2024/41xxx/CVE-2024-41878.json +++ b/2024/41xxx/CVE-2024-41878.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41878", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (DOM-based XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.19", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42415.json b/2024/42xxx/CVE-2024-42415.json new file mode 100644 index 00000000000..065e6acae35 --- /dev/null +++ b/2024/42xxx/CVE-2024-42415.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-42415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42531.json b/2024/42xxx/CVE-2024-42531.json index 6752c2b996d..474149ca33b 100644 --- a/2024/42xxx/CVE-2024-42531.json +++ b/2024/42xxx/CVE-2024-42531.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-42531", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-42531", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://ezviz.com", + "refsource": "MISC", + "name": "http://ezviz.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Anonymous120386/Anonymous", + "url": "https://github.com/Anonymous120386/Anonymous" } ] } diff --git a/2024/43xxx/CVE-2024-43794.json b/2024/43xxx/CVE-2024-43794.json index f2ef0d978f1..d71888cf532 100644 --- a/2024/43xxx/CVE-2024-43794.json +++ b/2024/43xxx/CVE-2024-43794.json 
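Review bot: In the CVE-2024-42531 record, `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description names the vendor and model, so asset matching on the structured fields will never hit it. `problemtype` is also `"n/a"` with no `cweId`. Suggest `"vendor_name": "Ezviz"` and `"product_name": "CS-CV246"`, plus a CWE once the assigner confirms the weakness class (the description suggests missing authentication on the RTSP stream, but that is an inference). The vendor reference `http://ezviz.com` is a plain-HTTP homepage rather than an advisory. The same `n/a` structured fields appear in the hunks for CVE-2024-44386, -44387 and -44390.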
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "opensearch-project", + "product": { + "product_data": [ + { + "product_name": "security-dashboards-plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.3.19" + }, + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/opensearch-project/security-dashboards-plugin/security/advisories/GHSA-3fph-6cqp-5mfc", + "refsource": "MISC", + "name": "https://github.com/opensearch-project/security-dashboards-plugin/security/advisories/GHSA-3fph-6cqp-5mfc" + }, + { + "url": "https://github.com/opensearch-project/security-dashboards-plugin/commit/fc4f6a27c0c80881be9e8ed6b9259a25c3fa0e13", + "refsource": "MISC", + 
"name": "https://github.com/opensearch-project/security-dashboards-plugin/commit/fc4f6a27c0c80881be9e8ed6b9259a25c3fa0e13" + } + ] + }, + "source": { + "advisory": "GHSA-3fph-6cqp-5mfc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/44xxx/CVE-2024-44386.json b/2024/44xxx/CVE-2024-44386.json index b750ccca4c8..423787c688d 100644 --- a/2024/44xxx/CVE-2024-44386.json +++ b/2024/44xxx/CVE-2024-44386.json 
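Review bot: Both `version_data` entries for CVE-2024-43794 pair `"version_affected": "="` with a range expression (`"< 1.3.19"` and `">= 2.0.0, < 2.16.0"`). A consumer that honours the operator will do an exact match against a string that is not a version and report no affected releases. The first entry can be expressed directly as `"version_affected": "<", "version_value": "1.3.19"`. The second range has two bounds, so it needs either a documented convention for the combined string or a split into entries that downstream matchers are known to parse.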
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44386", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44386", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow2.md", + "refsource": "MISC", + "name": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow2.md" } ] } diff --git a/2024/44xxx/CVE-2024-44387.json b/2024/44xxx/CVE-2024-44387.json index 954b8d099d6..97183cef4f5 100644 --- a/2024/44xxx/CVE-2024-44387.json +++ b/2024/44xxx/CVE-2024-44387.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44387", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44387", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow1.md", + "refsource": "MISC", + "name": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow1.md" } ] } diff --git a/2024/44xxx/CVE-2024-44390.json b/2024/44xxx/CVE-2024-44390.json index f45d9939498..ff7d2dceb4a 100644 --- a/2024/44xxx/CVE-2024-44390.json +++ b/2024/44xxx/CVE-2024-44390.json 
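Review bot: The description for CVE-2024-44387 has `the functino formWrlExtraGet`; it should read `the function formWrlExtraGet`, matching the wording of the sibling records CVE-2024-44386 and CVE-2024-44390. Text search and description-based deduplication key on this string, so the typo is worth correcting at the source record.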
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44390", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44390", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow8.md", + "refsource": "MISC", + "name": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow8.md" } ] }