From a27a58cb4516c652a2e190fad8267ad4dadc95f0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 28 Jan 2025 14:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/11xxx/CVE-2024-11954.json | 103 +++++++++++++++++++++++++++--
 2024/11xxx/CVE-2024-11956.json | 116 +++++++++++++++++++++++++++++++--
 2024/13xxx/CVE-2024-13759.json | 18 +++++
 2024/13xxx/CVE-2024-13760.json | 18 +++++
 2024/13xxx/CVE-2024-13761.json | 18 +++++
 2024/13xxx/CVE-2024-13762.json | 18 +++++
 2024/13xxx/CVE-2024-13763.json | 18 +++++
 2024/13xxx/CVE-2024-13764.json | 18 +++++
 2024/13xxx/CVE-2024-13765.json | 18 +++++
 2024/13xxx/CVE-2024-13766.json | 18 +++++
 2025/0xxx/CVE-2025-0781.json | 18 +++++
 2025/0xxx/CVE-2025-0782.json | 18 +++++
 2025/0xxx/CVE-2025-0783.json | 18 +++++
 2025/0xxx/CVE-2025-0784.json | 18 +++++
 14 files changed, 427 insertions(+), 8 deletions(-)
 create mode 100644 2024/13xxx/CVE-2024-13759.json
 create mode 100644 2024/13xxx/CVE-2024-13760.json
 create mode 100644 2024/13xxx/CVE-2024-13761.json
 create mode 100644 2024/13xxx/CVE-2024-13762.json
 create mode 100644 2024/13xxx/CVE-2024-13763.json
 create mode 100644 2024/13xxx/CVE-2024-13764.json
 create mode 100644 2024/13xxx/CVE-2024-13765.json
 create mode 100644 2024/13xxx/CVE-2024-13766.json
 create mode 100644 2025/0xxx/CVE-2025-0781.json
 create mode 100644 2025/0xxx/CVE-2025-0782.json
 create mode 100644 2025/0xxx/CVE-2025-0783.json
 create mode 100644 2025/0xxx/CVE-2025-0784.json
diff --git a/2024/11xxx/CVE-2024-11954.json b/2024/11xxx/CVE-2024-11954.json
index a8fad339c39..13120c58c07 100644
--- a/2024/11xxx/CVE-2024-11954.json
+++ b/2024/11xxx/CVE-2024-11954.json
@@ -1,17 +1,112 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11954",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In Pimcore 11.4.2 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Search Document. Durch das Manipulieren mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Basic Cross Site Scripting",
+ "cweId": "CWE-80"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pimcore",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.293905",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.293905"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.293905",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.293905"
+ },
+ {
+ "url": "https://vuldb.com/?submit.451774",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.451774"
+ },
+ {
+ "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11956.json b/2024/11xxx/CVE-2024-11956.json
index 7ce7ed32b2b..bbafa0e74b8 100644
--- a/2024/11xxx/CVE-2024-11956.json
+++ b/2024/11xxx/CVE-2024-11956.json
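Review bot: In CVE-2024-11954.json the new `affects` block sets `"vendor_name": "n/a"` although the product is `Pimcore` and the record references a pimcore/pimcore GitHub advisory, so tooling that matches on vendor will not associate this record with the vendor. The CVE-2024-11956 record in this same commit uses `"vendor_name": "Pimcore"`, and this record should do the same. The only affected version listed is `=` `11.4.2`, and neither the description nor `version_data` names a fixed release, so triage should confirm the affected range against the linked GHSA advisory rather than treating other versions as unaffected. The record's closing brace lies outside the hunk.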
@@ -1,17 +1,125 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11956",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in Pimcore customer-data-framework bis 4.2.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/customermanagementframework/customers/list. Durch Manipulieren des Arguments filterDefinition/filter mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 4.2.1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Pimcore",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "customer-data-framework",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.293906",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.293906"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.293906",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.293906"
+ },
+ {
+ "url": "https://vuldb.com/?submit.451863",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.451863"
+ },
+ {
+ "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277"
+ },
+ {
+ "url": "https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
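Review bot: In CVE-2024-11956.json the `version_data` entries (`=` `4.0`, `=` `4.1`, `=` `4.2`) do not express what the description states, namely that everything up to 4.2.0 is affected and 4.2.1 carries the fix. A consumer doing exact version matching will not match an installed 4.2.0, and one doing prefix matching on `4.2` would also flag the fixed 4.2.1. A single range entry, `"version_affected": "<=", "version_value": "4.2.0"`, would carry the stated boundary. The description's "classified as critical" wording also sits beside `"baseSeverity": "MEDIUM"` (4.7, `PR:H`), so prioritisation should key on the CVSS vector rather than the prose.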
diff --git a/2024/13xxx/CVE-2024-13759.json b/2024/13xxx/CVE-2024-13759.json
new file mode 100644
index 00000000000..d0db40b0c70
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13759.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13759",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13760.json b/2024/13xxx/CVE-2024-13760.json
new file mode 100644
index 00000000000..09fa73697be
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13760.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13760",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13761.json b/2024/13xxx/CVE-2024-13761.json
new file mode 100644
index 00000000000..8113f5b2625
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13761.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13761",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13762.json b/2024/13xxx/CVE-2024-13762.json
new file mode 100644
index 00000000000..8169e8bb1fa
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13762.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13762",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13763.json b/2024/13xxx/CVE-2024-13763.json
new file mode 100644
index 00000000000..5e146e25938
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13763.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13763",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13764.json b/2024/13xxx/CVE-2024-13764.json
new file mode 100644
index 00000000000..8a568416c64
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13764.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13764",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13765.json b/2024/13xxx/CVE-2024-13765.json
new file mode 100644
index 00000000000..e57c4db6c32
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13765.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13765",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13766.json b/2024/13xxx/CVE-2024-13766.json
new file mode 100644
index 00000000000..47a9b006721
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13766.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13766",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0781.json b/2025/0xxx/CVE-2025-0781.json
new file mode 100644
index 00000000000..64be42e2a46
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0781.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0781",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0782.json b/2025/0xxx/CVE-2025-0782.json
new file mode 100644
index 00000000000..b4bd20325da
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0782.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0782",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0783.json b/2025/0xxx/CVE-2025-0783.json
new file mode 100644
index 00000000000..6764c669d14
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0783.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0783",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0784.json b/2025/0xxx/CVE-2025-0784.json
new file mode 100644
index 00000000000..01a37fa1376
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0784.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0784",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file