From aea94ca8f3a708696bd2a88081dac1e9bf5a5841 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 27 Feb 2024 14:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/51xxx/CVE-2023-51747.json | 84 +++++++++++++++++++++++++--
 2024/1xxx/CVE-2024-1918.json | 95 ++++++++++++++++++++++++++++--
 2024/1xxx/CVE-2024-1919.json | 95 ++++++++++++++++++++++++++++--
 2024/1xxx/CVE-2024-1920.json | 103 +++++++++++++++++++++++++++++++--
 2024/1xxx/CVE-2024-1931.json | 18 ++++++
 2024/1xxx/CVE-2024-1932.json | 18 ++++++
 6 files changed, 396 insertions(+), 17 deletions(-)
 create mode 100644 2024/1xxx/CVE-2024-1931.json
 create mode 100644 2024/1xxx/CVE-2024-1932.json
diff --git a/2023/51xxx/CVE-2023-51747.json b/2023/51xxx/CVE-2023-51747.json
index 3671825fbf8..607ff9d3811 100644
--- a/2023/51xxx/CVE-2023-51747.json
+++ b/2023/51xxx/CVE-2023-51747.json
@@ -1,18 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-51747",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling.\n\nA lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks.\n\nThe patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction.\n\nWe recommend James users to upgrade to non vulnerable versions.\n"
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache James server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "3.7.4"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.8",
+ "version_value": "3.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
+ "refsource": "MISC",
+ "name": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
+ },
+ {
+ "url": "https://postfix.org/smtp-smuggling.html",
+ "refsource": "MISC",
+ "name": "https://postfix.org/smtp-smuggling.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Benoit TELLIER"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1918.json b/2024/1xxx/CVE-2024-1918.json
index 3b1cbfd11f0..be3c57d86a5 100644
--- a/2024/1xxx/CVE-2024-1918.json
+++ b/2024/1xxx/CVE-2024-1918.json
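Review bot: The published CVE-2023-51747 record (2023/51xxx/CVE-2023-51747.json) carries no `impact` block, so consumers that prioritise on CVSS get no score for an SMTP smuggling issue that the description says can be used to bypass SPF checks; triage it from the description and the linked vendor thread instead. The stated fix enforces CRLF as the line delimiter in the DATA transaction, so upgrade testing should presumably include senders that emit bare LF. Language tags are also inconsistent inside the record, `"lang": "eng"` under `description_data` and `problemtype_data` but `"lang": "en"` under `credits`, and the same mismatch appears in the CVE-2024-1918, CVE-2024-1919 and CVE-2024-1920 hunks; parsers should normalise the tag rather than compare it literally.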
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1918",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Beijing Baichuo Smart S42 Management Platform bis 20240219 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /useratte/userattestation.php. Mit der Manipulation des Arguments hidwel mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Beijing Baichuo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Smart S42 Management Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20240219"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.254839",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.254839"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.254839",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.254839"
+ },
+ {
+ "url": "https://github.com/Echosssy/CVE/blob/main/%E5%85%B3%E4%BA%8ESmart%20S42%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E7%9A%84%E6%83%85%E5%86%B5%E9%80%9A%E6%8A%A5-userattestation.php.docx",
+ "refsource": "MISC",
+ "name": "https://github.com/Echosssy/CVE/blob/main/%E5%85%B3%E4%BA%8ESmart%20S42%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E7%9A%84%E6%83%85%E5%86%B5%E9%80%9A%E6%8A%A5-userattestation.php.docx"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Ting (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1919.json b/2024/1xxx/CVE-2024-1919.json
index b45ba5368a9..10a9d347e69 100644
--- a/2024/1xxx/CVE-2024-1919.json
+++ b/2024/1xxx/CVE-2024-1919.json
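Review bot: In the CVE-2024-1918 record (2024/1xxx/CVE-2024-1918.json) the prose and the structured fields disagree: the description says "up to 20240219" and "classified as critical", while `version_data` holds a single `"version_affected": "="` entry for `20240219` and the CVSS 3.1 entry is `4.7` / `MEDIUM` with `PR:H`. Tooling that matches on `version_data` would miss the earlier builds the text implies are affected; `"version_affected": "<="` with `"version_value": "20240219"` would express the stated scope. Prioritise from the `vectorString` rather than the word "critical", and read the score as the CNA's own assessment, since the description notes that the vendor did not respond.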
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1919",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254854 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Online Job Portal 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /Employer/ManageWalkin.php der Komponente Manage Walkin Page. Mittels Manipulieren des Arguments Job Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Job Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.254854",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.254854"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.254854",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.254854"
+ },
+ {
+ "url": "https://prnt.sc/1W0g0F8vv2mw",
+ "refsource": "MISC",
+ "name": "https://prnt.sc/1W0g0F8vv2mw"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "ahmed8199 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1920.json b/2024/1xxx/CVE-2024-1920.json
index d4b76ca3919..2ce0095116e 100644
--- a/2024/1xxx/CVE-2024-1920.json
+++ b/2024/1xxx/CVE-2024-1920.json
@@ -1,17 +1,112 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1920",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key\r . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in osuuu LightPicture bis 1.2.2 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion handle der Datei /app/middleware/TokenVerify.php. Durch das Manipulieren mit unbekannten Daten kann eine use of hard-coded cryptographic key\r -Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-321 Use of Hard-coded Cryptographic Key\r\n",
+ "cweId": "CWE-321"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "osuuu",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "LightPicture",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.2.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.2.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.254855",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.254855"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.254855",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.254855"
+ },
+ {
+ "url": "https://note.zhaoj.in/share/gKyCbSSdJ5fY",
+ "refsource": "MISC",
+ "name": "https://note.zhaoj.in/share/gKyCbSSdJ5fY"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "glzjin (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.6,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.6,
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.1,
+ "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1931.json b/2024/1xxx/CVE-2024-1931.json
new file mode 100644
index 00000000000..17072aa8688
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1931.json
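Review bot: The CVE-2024-1920 record (2024/1xxx/CVE-2024-1920.json) has control characters leaking into its text fields: the problemtype string is `"CWE-321 Use of Hard-coded Cryptographic Key\r\n"`, and both descriptions carry a stray `\r` after "cryptographic key". Consumers that compare or display the problemtype text get a trailing CR/LF; the line should read `"value": "CWE-321 Use of Hard-coded Cryptographic Key",`, and downstream code is safer keying on the clean `cweId` field. The description also says "critical" while the CVSS 3.1 entry is `5.6` / `MEDIUM` with `AC:H`, so severity should be taken from the `vectorString`, not from the prose.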
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1931",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1932.json b/2024/1xxx/CVE-2024-1932.json
new file mode 100644
index 00000000000..896067aebaf
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1932.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1932",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file