diff --git a/2023/47xxx/CVE-2023-47634.json b/2023/47xxx/CVE-2023-47634.json
index 9dd61320a9a..b8d8e98f7c8 100644
--- a/2023/47xxx/CVE-2023-47634.json
+++ b/2023/47xxx/CVE-2023-47634.json
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components. 
" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "decidim", + "product": { + "product_data": [ + { + "product_name": "decidim", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 0.10.0, < 0.26.9" + }, + { + "version_affected": "=", + "version_value": ">= 0.27.0, < 0.27.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2" + }, + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.26.9", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/releases/tag/v0.26.9" + }, + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.27.5", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/releases/tag/v0.27.5" + }, + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.28.0", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/releases/tag/v0.28.0" + } + ] + }, + "source": { + "advisory": "GHSA-r275-j57c-7mf2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47635.json b/2023/47xxx/CVE-2023-47635.json index ace25da3b70..cc24d3cab8f 100644 
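Review bot: The two `version_data` entries pair `"version_affected": "="` with range expressions in `version_value` (`">= 0.10.0, < 0.26.9"` and `">= 0.27.0, < 0.27.5"`), so a consumer that compares `version_value` literally will not match any installed release. The CVE-2023-47635 hunk uses the same encoding, and the Joomla records CVE-2024-21722 through CVE-2024-21726 do it with hyphenated strings such as `"3.2.0-3.10.14"`; tooling that ingests these files should parse the range out of the string or take the affected versions from the linked advisory. In the description, "more than once endorsement" should read "more than one endorsement", and the value ends in a stray space and line break before the closing quote.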
--- a/2023/47xxx/CVE-2023-47635.json
+++ b/2023/47xxx/CVE-2023-47635.json
@@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in version 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918: Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "decidim", + "product": { + "product_data": [ + { + "product_name": "decidim", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 0.23.0, < 0.27.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v" + }, + { + "url": "https://github.com/decidim/decidim/pull/11743", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/pull/11743" + }, + { + "url": "https://github.com/decidim/decidim/pull/6247", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/pull/6247" + }, + { + "url": "https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660" + }, + { + "url": "https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac" + }, + { + "url": "https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11" + } + ] + }, + "source": { + "advisory": "GHSA-f3qm-vfc3-jg6v", + "discovery": "UNKNOWN" + }, + "impact": 
{ + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1470.json b/2024/1xxx/CVE-2024-1470.json index ddbf2720df7..c89a9d861a0 100644 --- a/2024/1xxx/CVE-2024-1470.json +++ b/2024/1xxx/CVE-2024-1470.json 
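Review bot: The `problemtype` entry labels this record `CWE-918: Server-Side Request Forgery (SSRF)`, but the description is about a disabled CSRF authenticity token check, which is CWE-352; anyone filtering or triaging by CWE will file it under the wrong weakness class. The entry should read `"value": "CWE-352: Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"`. In the description, "security thread" should be "security threat". The `cvss` block scores `confidentialityImpact` as `HIGH` while the text says the issue is not serious, so the vector is worth checking against the linked advisory.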
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue \n\nonly \n\naffects NetIQ Client Login Extension: 4.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "NetIQ Client Login Extension", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.microfocus.com/s/article/KM000026667?language=en_US", + "refsource": "MISC", + "name": "https://portal.microfocus.com/s/article/KM000026667?language=en_US" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1669.json b/2024/1xxx/CVE-2024-1669.json new file mode 100644 index 00000000000..3e5bd33e914 --- /dev/null +++ b/2024/1xxx/CVE-2024-1669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1670.json b/2024/1xxx/CVE-2024-1670.json new file mode 100644 index 00000000000..498cb981904 --- /dev/null +++ b/2024/1xxx/CVE-2024-1670.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1670", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1671.json b/2024/1xxx/CVE-2024-1671.json new file mode 100644 index 00000000000..73cec475ead --- /dev/null +++ b/2024/1xxx/CVE-2024-1671.json 
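Review bot: The description value of CVE-2024-1470 carries editor residue: there is no space after `Code Injection.`, and the sentence that follows is broken up by `\n\n` sequences around `only`, with two more trailing the text. It should be one clean line, `"value": "Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6."`. The record gives 4.6 as the only affected version and names no fixed release, so readers have to take remediation from the referenced KM000026667 article.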
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1672.json b/2024/1xxx/CVE-2024-1672.json new file mode 100644 index 00000000000..be44a8a1a0c --- /dev/null +++ b/2024/1xxx/CVE-2024-1672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1673.json b/2024/1xxx/CVE-2024-1673.json new file mode 100644 index 00000000000..9fa5a78ea11 --- /dev/null +++ b/2024/1xxx/CVE-2024-1673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/1xxx/CVE-2024-1674.json b/2024/1xxx/CVE-2024-1674.json new file mode 100644 index 00000000000..8b59abd254a --- /dev/null +++ b/2024/1xxx/CVE-2024-1674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1675.json b/2024/1xxx/CVE-2024-1675.json new file mode 100644 index 00000000000..a518236dbd9 --- /dev/null +++ b/2024/1xxx/CVE-2024-1675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1676.json b/2024/1xxx/CVE-2024-1676.json new file mode 100644 index 00000000000..3cc15f3d9e3 --- /dev/null +++ b/2024/1xxx/CVE-2024-1676.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21722.json b/2024/21xxx/CVE-2024-21722.json index 0bfebab0e9e..20d2ff59d2c 100644 --- a/2024/21xxx/CVE-2024-21722.json +++ b/2024/21xxx/CVE-2024-21722.json 
@@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2.0-3.10.14" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.2" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Carsten Schmitz" + } + ] } \ No newline at end of file 
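Review bot: This record is published without an `impact` block, so it has no CVSS vector or base score, unlike the Decidim and OpenText records in the same commit; consumers that prioritise by severity will see it as unscored. The same holds for CVE-2024-21723 through CVE-2024-21726. The description also never names the product (`"The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified."`), so it can only be attributed through the `affects` block; prefixing it with the product name and affected ranges would make it self-contained. `credits` uses `"lang": "en"` while `description` uses `"lang": "eng"`, which should be made consistent.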
diff --git a/2024/21xxx/CVE-2024-21723.json b/2024/21xxx/CVE-2024-21723.json
index 850b2afe9b9..a58211557ae 100644
--- a/2024/21xxx/CVE-2024-21723.json
+++ b/2024/21xxx/CVE-2024-21723.json
@@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate parsing of URLs could result into an open redirect." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.5.0-3.10.14" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.2" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "xishir" + } + ] } \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21724.json b/2024/21xxx/CVE-2024-21724.json index 33722bbbbe3..ce66314688e 100644 --- a/2024/21xxx/CVE-2024-21724.json 
+++ b/2024/21xxx/CVE-2024-21724.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.6.0-3.10.14" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.2" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Dominik Ziegelm\u00fcller" + } + ] } \ No newline at end of file 
diff --git a/2024/21xxx/CVE-2024-21725.json b/2024/21xxx/CVE-2024-21725.json index 7a21284d332..3423e6f545a 100644 --- a/2024/21xxx/CVE-2024-21725.json +++ b/2024/21xxx/CVE-2024-21725.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0-4.4.2" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Gareth Heyes (PortSwigger Research)" + } + ] } \ No newline at end of file 
diff --git a/2024/21xxx/CVE-2024-21726.json b/2024/21xxx/CVE-2024-21726.json
index b1e0c094a24..6be0095a837 100644
--- a/2024/21xxx/CVE-2024-21726.json
+++ b/2024/21xxx/CVE-2024-21726.json
@@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate content filtering leads to XSS vulnerabilities in various components." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.0-3.10.14" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.2" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Stefan Schiller (Sonar)" + } + ] } \ No newline at end of file 
diff --git a/2024/21xxx/CVE-2024-21795.json b/2024/21xxx/CVE-2024-21795.json index fb82a06f089..67425b37932 100644 --- a/2024/21xxx/CVE-2024-21795.json +++ b/2024/21xxx/CVE-2024-21795.json @@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1920", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1920" } ] }, diff --git a/2024/21xxx/CVE-2024-21812.json b/2024/21xxx/CVE-2024-21812.json index 2e1b1c1810f..be29562ec21 100644 --- a/2024/21xxx/CVE-2024-21812.json +++ b/2024/21xxx/CVE-2024-21812.json @@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1921", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1921" } ] }, diff --git a/2024/22xxx/CVE-2024-22097.json b/2024/22xxx/CVE-2024-22097.json index d6ed8970445..3810fbada26 100644 --- a/2024/22xxx/CVE-2024-22097.json +++ b/2024/22xxx/CVE-2024-22097.json @@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1917", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1917" } ] }, diff --git a/2024/23xxx/CVE-2024-23305.json b/2024/23xxx/CVE-2024-23305.json index 09213e3d7cd..07567c097b4 100644 --- a/2024/23xxx/CVE-2024-23305.json +++ b/2024/23xxx/CVE-2024-23305.json 
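Review bot: The `reference_data` entry added to CVE-2024-21795 points at the same TALOS-2024-1920 report as the entry just above it, differing only in the `www.` host prefix, so the record now lists one advisory twice. The hunks for CVE-2024-21812, CVE-2024-22097, CVE-2024-23305, CVE-2024-23310, CVE-2024-23313, CVE-2024-23606 and CVE-2024-23809 add the same kind of duplicate. If the `www.` form is the canonical one, replace the existing `url` and `name` instead of appending; otherwise drop the addition. Consumers that count or deduplicate references by exact URL string will treat these as two independent sources.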
@@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1918", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1918" } ] }, diff --git a/2024/23xxx/CVE-2024-23310.json b/2024/23xxx/CVE-2024-23310.json index a863806198b..88879a2919e 100644 --- a/2024/23xxx/CVE-2024-23310.json +++ b/2024/23xxx/CVE-2024-23310.json @@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1923", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1923" } ] }, diff --git a/2024/23xxx/CVE-2024-23313.json b/2024/23xxx/CVE-2024-23313.json index 98490112399..ea1fe97df6e 100644 --- a/2024/23xxx/CVE-2024-23313.json +++ b/2024/23xxx/CVE-2024-23313.json @@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1922", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1922" } ] }, diff --git a/2024/23xxx/CVE-2024-23606.json b/2024/23xxx/CVE-2024-23606.json index 7aab72970d4..de7372351c4 100644 --- a/2024/23xxx/CVE-2024-23606.json +++ b/2024/23xxx/CVE-2024-23606.json 
@@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1925", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1925" } ] }, diff --git a/2024/23xxx/CVE-2024-23809.json b/2024/23xxx/CVE-2024-23809.json index 636ec5b2884..76c791c9413 100644 --- a/2024/23xxx/CVE-2024-23809.json +++ b/2024/23xxx/CVE-2024-23809.json @@ -62,6 +62,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1919", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1919" } ] }, diff --git a/2024/25xxx/CVE-2024-25262.json b/2024/25xxx/CVE-2024-25262.json index fe62134e986..062fe7a0f1b 100644 --- a/2024/25xxx/CVE-2024-25262.json +++ b/2024/25xxx/CVE-2024-25262.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25262", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25262", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co", + "refsource": "MISC", + "name": "https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co" + }, + { + "url": "https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912" } ] }
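Review bot: `problemtype` is set to `"n/a"` even though the description names a heap buffer overflow in `ttfLoadHDMX`; `"value": "CWE-122 Heap-based Buffer Overflow", "cweId": "CWE-122"` would let the record be found by weakness class. `vendor_name`, `product_name` and `version_value` are likewise `"n/a"`, so product-based matching cannot associate this entry with texlive-bin or ttfdump, and the only version information is the abbreviated commit `c515e` in the free text. No fixed revision is stated; the ChangeLog reference at revision 69605 presumably marks it, which should be confirmed and written into the description.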