From b19f3f6c0f53de42616ba090db7aaa687d88d3c3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Nov 2024 17:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/26xxx/CVE-2020-26062.json | 269 ++++++++++++- 2020/26xxx/CVE-2020-26063.json | 268 ++++++++++++- 2020/26xxx/CVE-2020-26066.json | 261 +++++++++++- 2020/26xxx/CVE-2020-26067.json | 85 +++- 2020/26xxx/CVE-2020-26071.json | 698 ++++++++++++++++++++++++++++++++- 2020/27xxx/CVE-2020-27124.json | 95 ++++- 2020/3xxx/CVE-2020-3420.json | 90 ++++- 2020/3xxx/CVE-2020-3431.json | 85 +++- 2024/10xxx/CVE-2024-10390.json | 76 +++- 2024/11xxx/CVE-2024-11343.json | 18 + 2024/11xxx/CVE-2024-11344.json | 18 + 2024/11xxx/CVE-2024-11345.json | 18 + 2024/11xxx/CVE-2024-11346.json | 18 + 2024/11xxx/CVE-2024-11347.json | 18 + 2024/11xxx/CVE-2024-11348.json | 18 + 2024/11xxx/CVE-2024-11349.json | 18 + 2024/11xxx/CVE-2024-11350.json | 18 + 2024/42xxx/CVE-2024-42677.json | 5 + 2024/43xxx/CVE-2024-43416.json | 81 +++- 2024/44xxx/CVE-2024-44756.json | 61 ++- 2024/44xxx/CVE-2024-44757.json | 61 ++- 2024/47xxx/CVE-2024-47533.json | 90 ++++- 2024/47xxx/CVE-2024-47820.json | 81 +++- 2024/48xxx/CVE-2024-48896.json | 2 +- 2024/48xxx/CVE-2024-48897.json | 2 +- 2024/48xxx/CVE-2024-48898.json | 2 +- 2024/48xxx/CVE-2024-48900.json | 2 +- 2024/48xxx/CVE-2024-48901.json | 2 +- 2024/52xxx/CVE-2024-52419.json | 85 +++- 2024/52xxx/CVE-2024-52422.json | 85 +++- 2024/52xxx/CVE-2024-52423.json | 85 +++- 2024/52xxx/CVE-2024-52424.json | 85 +++- 32 files changed, 2719 insertions(+), 81 deletions(-) create mode 100644 2024/11xxx/CVE-2024-11343.json create mode 100644 2024/11xxx/CVE-2024-11344.json create mode 100644 2024/11xxx/CVE-2024-11345.json create mode 100644 2024/11xxx/CVE-2024-11346.json create mode 100644 2024/11xxx/CVE-2024-11347.json create mode 100644 2024/11xxx/CVE-2024-11348.json create mode 100644 2024/11xxx/CVE-2024-11349.json create mode 100644 2024/11xxx/CVE-2024-11350.json 
diff --git a/2020/26xxx/CVE-2020-26062.json b/2020/26xxx/CVE-2020-26062.json
index 5dccebe6c40..f2136ed54e9 100644
--- a/2020/26xxx/CVE-2020-26062.json
+++ b/2020/26xxx/CVE-2020-26062.json
@@ -1,17 +1,278 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-26062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Observable Discrepancy", + "cweId": "CWE-203" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Computing System (Managed)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0(1a)" + }, + { + "version_affected": "=", + "version_value": "3.2(3n)" + }, + { + "version_affected": "=", + "version_value": "4.1(1a)" + }, + { + "version_affected": "=", + "version_value": "4.1(1b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4h)" + }, + { + "version_affected": "=", + "version_value": "4.1(1c)" + }, + { + "version_affected": "=", + "version_value": "3.2(3k)" + }, + { + "version_affected": "=", + "version_value": "3.2(2c)" + }, + { + "version_affected": "=", + "version_value": "4.0(4e)" + }, + { + "version_affected": "=", + "version_value": "4.0(4g)" + }, + { + "version_affected": "=", + "version_value": "3.2(3i)" + }, + { + "version_affected": "=", + "version_value": "4.0(2e)" + }, + { + "version_affected": "=", + "version_value": "3.2(3g)" + }, + { + "version_affected": "=", + "version_value": "4.0(4a)" + }, + { + "version_affected": "=", + "version_value": "4.0(2d)" + }, + { + "version_affected": "=", + "version_value": "3.2(2d)" + }, + { + "version_affected": "=", + "version_value": "4.0(1b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4f)" + }, + { + "version_affected": "=", + "version_value": "3.2(3h)" + }, + { + "version_affected": "=", + "version_value": "3.2(2f)" + }, + { + "version_affected": "=", + "version_value": "4.0(4c)" + }, + { + "version_affected": "=", + "version_value": "3.2(3a)" + }, + { + "version_affected": "=", + "version_value": "4.0(1c)" + }, + { + "version_affected": "=", + "version_value": "3.2(3d)" + }, + { + "version_affected": "=", + 
"version_value": "3.2(2b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4b)" + }, + { + "version_affected": "=", + "version_value": "3.2(2e)" + }, + { + "version_affected": "=", + "version_value": "4.0(2b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4d)" + }, + { + "version_affected": "=", + "version_value": "3.2(1d)" + }, + { + "version_affected": "=", + "version_value": "3.2(3e)" + }, + { + "version_affected": "=", + "version_value": "3.2(3l)" + }, + { + "version_affected": "=", + "version_value": "3.2(3b)" + }, + { + "version_affected": "=", + "version_value": "4.0(2a)" + }, + { + "version_affected": "=", + "version_value": "3.2(3j)" + }, + { + "version_affected": "=", + "version_value": "4.0(1d)" + }, + { + "version_affected": "=", + "version_value": "3.2(3o)" + }, + { + "version_affected": "=", + "version_value": "4.0(4i)" + }, + { + "version_affected": "=", + "version_value": "4.1(1d)" + }, + { + "version_affected": "=", + "version_value": "4.1(2a)" + }, + { + "version_affected": "=", + "version_value": "4.1(1e)" + }, + { + "version_affected": "=", + "version_value": "3.2(3p)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", + "refsource": "MISC", + "name": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL" + } + ] + }, + "source": { + "advisory": "cisco-sa-cimc-enum-CyheP3B7", + "discovery": "EXTERNAL", + "defects": [ + "CSCvv07275" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2020/26xxx/CVE-2020-26063.json b/2020/26xxx/CVE-2020-26063.json index 3f53036c127..f7704a89ae3 100644 --- a/2020/26xxx/CVE-2020-26063.json +++ b/2020/26xxx/CVE-2020-26063.json 
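Review bot: The new `reference_data` array for CVE-2020-26062 lists five Cisco advisories, but only `cisco-sa-cimc-enum-CyheP3B7` matches the record's own `source.advisory`; the other four (`cisco-sa-vsoln-arbfile-gtsEYxns`, `cisco-sa-webex-teams-xss-zLW9tD3`, `cisco-sa-vmanx3-vrZbOqqD`, `cisco-sa-cimc-auth-zWkppJxL`) are the `source.advisory` values of CVE-2020-26071, -26067, -26066 and -26063 in this same patch. The CVE-2020-26063 hunk shows the same pattern, carrying three extra advisory URLs besides its own `cisco-sa-cimc-auth-zWkppJxL`. Tooling that maps a CVE to vendor guidance through its references will attach unrelated fixes and affected-product lists, so the extras look like a bundling artifact to confirm with the CNA; until then consumers should key on `source.advisory`. The `description.value` strings in these records also join sentences with no space (`further attacks.There are no workarounds`) and embed `\r\n`, which is worth normalizing before the text is displayed or indexed.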
@@ -1,17 +1,277 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-26063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.\r\nThe vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Computing System (Managed)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0(1a)" + }, + { + "version_affected": "=", + "version_value": "3.2(3n)" + }, + { + "version_affected": "=", + "version_value": "4.1(1a)" + }, + { + "version_affected": "=", + "version_value": "4.1(1b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4h)" + }, + { + "version_affected": "=", + "version_value": "4.1(1c)" + }, + { + "version_affected": "=", + "version_value": "3.2(3k)" + }, + { + "version_affected": "=", + "version_value": "3.2(2c)" + }, + { + "version_affected": "=", + "version_value": "4.0(4e)" + }, + { + "version_affected": "=", + "version_value": "4.0(4g)" + }, + { + "version_affected": "=", + "version_value": "3.2(3i)" + }, + { + "version_affected": "=", + "version_value": "4.0(2e)" + }, + { + "version_affected": "=", + "version_value": "3.2(3g)" + }, + { + "version_affected": "=", + "version_value": "4.0(4a)" + }, + { + "version_affected": "=", + "version_value": "4.0(2d)" + }, + { + "version_affected": "=", + "version_value": "3.2(2d)" + }, + { + "version_affected": "=", + "version_value": "4.0(1b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4f)" + }, + { + "version_affected": "=", + "version_value": "3.2(3h)" + }, + { + "version_affected": "=", + "version_value": "3.2(2f)" + }, + { + "version_affected": "=", + "version_value": "4.0(4c)" + }, + { + "version_affected": "=", + "version_value": "3.2(3a)" + }, + { + "version_affected": "=", + "version_value": "4.0(1c)" + }, + { + "version_affected": "=", + "version_value": "3.2(3d)" + }, + { + "version_affected": "=", + 
"version_value": "3.2(2b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4b)" + }, + { + "version_affected": "=", + "version_value": "3.2(2e)" + }, + { + "version_affected": "=", + "version_value": "4.0(2b)" + }, + { + "version_affected": "=", + "version_value": "4.0(4d)" + }, + { + "version_affected": "=", + "version_value": "3.2(1d)" + }, + { + "version_affected": "=", + "version_value": "3.2(3e)" + }, + { + "version_affected": "=", + "version_value": "3.2(3l)" + }, + { + "version_affected": "=", + "version_value": "3.2(3b)" + }, + { + "version_affected": "=", + "version_value": "4.0(2a)" + }, + { + "version_affected": "=", + "version_value": "3.2(3j)" + }, + { + "version_affected": "=", + "version_value": "4.0(1d)" + }, + { + "version_affected": "=", + "version_value": "3.2(3o)" + }, + { + "version_affected": "=", + "version_value": "4.0(4i)" + }, + { + "version_affected": "=", + "version_value": "4.1(1d)" + }, + { + "version_affected": "=", + "version_value": "4.1(2a)" + }, + { + "version_affected": "=", + "version_value": "4.1(1e)" + }, + { + "version_affected": "=", + "version_value": "3.2(3p)" + }, + { + "version_affected": "=", + "version_value": "4.1(2b)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", + "refsource": "MISC", + "name": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD" + } + ] + }, + "source": { + "advisory": "cisco-sa-cimc-auth-zWkppJxL", + "discovery": "EXTERNAL", + "defects": [ + "CSCvv07287" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2020/26xxx/CVE-2020-26066.json b/2020/26xxx/CVE-2020-26066.json index f5a3ff3c115..0fae9837031 100644 --- a/2020/26xxx/CVE-2020-26066.json +++ b/2020/26xxx/CVE-2020-26066.json 
@@ -1,17 +1,270 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-26066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\nThe vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Catalyst SD-WAN Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20.1.12" + }, + { + "version_affected": "=", + "version_value": "19.2.1" + }, + { + "version_affected": "=", + "version_value": "18.4.4" + }, + { + "version_affected": "=", + "version_value": "18.4.5" + }, + { + "version_affected": "=", + "version_value": "20.1.1.1" + }, + { + "version_affected": "=", + "version_value": "20.1.1" + }, + { + "version_affected": "=", + "version_value": "19.3.0" + }, + { + "version_affected": "=", + "version_value": "19.2.2" + }, + { + "version_affected": "=", + "version_value": "19.2.099" + }, + { + "version_affected": "=", + "version_value": "18.3.6" + }, + { + "version_affected": "=", + "version_value": "18.3.7" + }, + { + "version_affected": "=", + "version_value": "19.2.0" + }, + { + "version_affected": "=", + "version_value": "18.3.8" + }, + { + "version_affected": "=", + "version_value": "19.0.0" + }, + { + "version_affected": "=", + "version_value": "19.1.0" + }, + { + "version_affected": "=", + "version_value": "18.4.302" + }, + { + "version_affected": "=", + "version_value": "18.4.303" + }, + { + "version_affected": "=", + "version_value": "19.2.097" + }, + { + "version_affected": "=", + "version_value": "19.2.098" + }, + { + "version_affected": "=", + "version_value": "17.2.10" + }, + { + "version_affected": "=", + "version_value": "18.3.6.1" + }, + { + "version_affected": "=", + "version_value": "19.0.1a" + }, + { + "version_affected": "=", + "version_value": "18.2.0" + }, + { + "version_affected": "=", + "version_value": "18.4.3" + }, + { + "version_affected": "=", + 
"version_value": "18.4.1" + }, + { + "version_affected": "=", + "version_value": "17.2.8" + }, + { + "version_affected": "=", + "version_value": "18.3.3.1" + }, + { + "version_affected": "=", + "version_value": "18.4.0" + }, + { + "version_affected": "=", + "version_value": "18.3.1" + }, + { + "version_affected": "=", + "version_value": "17.2.6" + }, + { + "version_affected": "=", + "version_value": "17.2.9" + }, + { + "version_affected": "=", + "version_value": "18.3.4" + }, + { + "version_affected": "=", + "version_value": "17.2.5" + }, + { + "version_affected": "=", + "version_value": "18.3.1.1" + }, + { + "version_affected": "=", + "version_value": "18.3.5" + }, + { + "version_affected": "=", + "version_value": "18.4.0.1" + }, + { + "version_affected": "=", + "version_value": "18.3.3" + }, + { + "version_affected": "=", + "version_value": "17.2.7" + }, + { + "version_affected": "=", + "version_value": "17.2.4" + }, + { + "version_affected": "=", + "version_value": "18.3.0" + }, + { + "version_affected": "=", + "version_value": "19.2.3" + }, + { + "version_affected": "=", + "version_value": "18.4.501_ES" + }, + { + "version_affected": "=", + "version_value": "20.3.1" + }, + { + "version_affected": "=", + "version_value": "19.2.929" + }, + { + "version_affected": "=", + "version_value": "19.2.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD" + } + ] + }, + "source": { + "advisory": "cisco-sa-vmanx3-vrZbOqqD", + "discovery": "EXTERNAL", + "defects": [ + "CSCvv09746" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described 
in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2020/26xxx/CVE-2020-26067.json b/2020/26xxx/CVE-2020-26067.json index 9bac6ba285a..27d517b9059 100644 --- a/2020/26xxx/CVE-2020-26067.json +++ b/2020/26xxx/CVE-2020-26067.json 
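Review bot: The CVSS block added for CVE-2020-26066 disagrees with the description in the same hunk: the text says a successful exploit lets the attacker "read and write files" and depends on "persuading a user to import a crafted XML file", while the vector is `C:H/I:N/A:N` with `"integrityImpact": "NONE"` and `"userInteraction": "NONE"`. Anyone triaging on the 6.5 base score alone would miss the write impact the prose claims. Which side is correct cannot be determined from the record, so it should go back to the CNA; until then, treat the description as the more conservative statement. This is also the only record in this part of the patch scored with `"version": "3.0"` rather than 3.1, which matters to parsers that assume a single CVSS version.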
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-26067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks.\r\nThe vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the malicious account name. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "cweId": "CWE-80" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Teams", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3" + } + ] + }, + "source": { + "advisory": "cisco-sa-webex-teams-xss-zLW9tD3", + "discovery": "EXTERNAL", + "defects": [ + "CSCvv40214" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2020/26xxx/CVE-2020-26071.json b/2020/26xxx/CVE-2020-26071.json index 95f2fad8173..0a51716b328 100644 --- a/2020/26xxx/CVE-2020-26071.json +++ b/2020/26xxx/CVE-2020-26071.json 
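Review bot: The only affected-version entry for Cisco Webex Teams is `"version_affected": "="` with `"version_value": "N/A"`, which gives a version matcher nothing to compare against, so the record cannot distinguish a fixed install from a vulnerable one. The description states that Cisco released software updates, so a fixed release presumably exists. If the CNA cannot supply it, inventory tooling should flag Webex Teams installs for a manual check against the `cisco-sa-webex-teams-xss-zLW9tD3` advisory rather than silently skipping the literal `N/A`.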
@@ -1,17 +1,707 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-26071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition.\r\nThe vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Catalyst SD-WAN Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20.1.12" + }, + { + "version_affected": "=", + "version_value": "19.2.1" + }, + { + "version_affected": "=", + "version_value": "18.4.4" + }, + { + "version_affected": "=", + "version_value": "18.4.5" + }, + { + "version_affected": "=", + "version_value": "20.1.1.1" + }, + { + "version_affected": "=", + "version_value": "20.1.1" + }, + { + "version_affected": "=", + "version_value": "19.3.0" + }, + { + "version_affected": "=", + "version_value": "19.2.2" + }, + { + "version_affected": "=", + "version_value": "19.2.099" + }, + { + "version_affected": "=", + "version_value": "18.3.6" + }, + { + "version_affected": "=", + "version_value": "18.3.7" + }, + { + "version_affected": "=", + "version_value": "19.2.0" + }, + { + "version_affected": "=", + "version_value": "18.3.8" + }, + { + "version_affected": "=", + "version_value": "19.0.0" + }, + { + "version_affected": "=", + "version_value": "19.1.0" + }, + { + "version_affected": "=", + "version_value": "18.4.302" + }, + { + "version_affected": "=", + "version_value": "18.4.303" + }, + { + "version_affected": "=", + "version_value": "19.2.097" + }, + { + "version_affected": "=", + "version_value": "19.2.098" + }, + { + "version_affected": "=", + "version_value": "17.2.10" + }, + { + "version_affected": "=", + "version_value": "18.3.6.1" + }, + { + "version_affected": "=", + "version_value": "19.0.1a" + }, + { + "version_affected": "=", + "version_value": "18.2.0" + }, + { + "version_affected": "=", + "version_value": "18.4.3" + }, + { + 
"version_affected": "=", + "version_value": "18.4.1" + }, + { + "version_affected": "=", + "version_value": "17.2.8" + }, + { + "version_affected": "=", + "version_value": "18.3.3.1" + }, + { + "version_affected": "=", + "version_value": "18.4.0" + }, + { + "version_affected": "=", + "version_value": "18.3.1" + }, + { + "version_affected": "=", + "version_value": "17.2.6" + }, + { + "version_affected": "=", + "version_value": "17.2.9" + }, + { + "version_affected": "=", + "version_value": "18.3.4" + }, + { + "version_affected": "=", + "version_value": "17.2.5" + }, + { + "version_affected": "=", + "version_value": "18.3.1.1" + }, + { + "version_affected": "=", + "version_value": "18.3.5" + }, + { + "version_affected": "=", + "version_value": "18.4.0.1" + }, + { + "version_affected": "=", + "version_value": "18.3.3" + }, + { + "version_affected": "=", + "version_value": "17.2.7" + }, + { + "version_affected": "=", + "version_value": "17.2.4" + }, + { + "version_affected": "=", + "version_value": "18.3.0" + }, + { + "version_affected": "=", + "version_value": "19.2.3" + }, + { + "version_affected": "=", + "version_value": "18.4.501_ES" + } + ] + } + }, + { + "product_name": "Cisco SD-WAN vContainer", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "18.4.5" + }, + { + "version_affected": "=", + "version_value": "20.1.12" + }, + { + "version_affected": "=", + "version_value": "18.3.6" + }, + { + "version_affected": "=", + "version_value": "19.2.1" + }, + { + "version_affected": "=", + "version_value": "19.3.0" + }, + { + "version_affected": "=", + "version_value": "20.1.1" + }, + { + "version_affected": "=", + "version_value": "19.2.2" + }, + { + "version_affected": "=", + "version_value": "18.3.8" + }, + { + "version_affected": "=", + "version_value": "18.4.3" + }, + { + "version_affected": "=", + "version_value": "18.4.4" + }, + { + "version_affected": "=", + "version_value": "18.4.302" + }, + { + "version_affected": "=", + 
"version_value": "19.1.0" + }, + { + "version_affected": "=", + "version_value": "18.4.303" + }, + { + "version_affected": "=", + "version_value": "19.2.0" + }, + { + "version_affected": "=", + "version_value": "19.2.098" + }, + { + "version_affected": "=", + "version_value": "17.2.10" + }, + { + "version_affected": "=", + "version_value": "18.3.7" + }, + { + "version_affected": "=", + "version_value": "18.3.1" + }, + { + "version_affected": "=", + "version_value": "19.2.099" + }, + { + "version_affected": "=", + "version_value": "19.2.097" + }, + { + "version_affected": "=", + "version_value": "18.3.4" + }, + { + "version_affected": "=", + "version_value": "18.2.0" + }, + { + "version_affected": "=", + "version_value": "18.3.5" + }, + { + "version_affected": "=", + "version_value": "18.4.1" + }, + { + "version_affected": "=", + "version_value": "17.2.5" + }, + { + "version_affected": "=", + "version_value": "17.2.7" + }, + { + "version_affected": "=", + "version_value": "17.2.8" + }, + { + "version_affected": "=", + "version_value": "17.2.9" + }, + { + "version_affected": "=", + "version_value": "18.4.0" + }, + { + "version_affected": "=", + "version_value": "17.2.6" + }, + { + "version_affected": "=", + "version_value": "18.3.0" + }, + { + "version_affected": "=", + "version_value": "17.2.4" + }, + { + "version_affected": "=", + "version_value": "18.3.3" + }, + { + "version_affected": "=", + "version_value": "19.2.3" + } + ] + } + }, + { + "product_name": "Cisco SD-WAN vEdge Cloud", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "19.2.1" + }, + { + "version_affected": "=", + "version_value": "20.1.12" + }, + { + "version_affected": "=", + "version_value": "18.4.4" + }, + { + "version_affected": "=", + "version_value": "19.3.0" + }, + { + "version_affected": "=", + "version_value": "18.3.8" + }, + { + "version_affected": "=", + "version_value": "19.2.2" + }, + { + "version_affected": "=", + "version_value": "20.1.1" + }, + { + 
"version_affected": "=", + "version_value": "18.3.6" + }, + { + "version_affected": "=", + "version_value": "18.4.3" + }, + { + "version_affected": "=", + "version_value": "18.4.302" + }, + { + "version_affected": "=", + "version_value": "18.4.5" + }, + { + "version_affected": "=", + "version_value": "18.4.303" + }, + { + "version_affected": "=", + "version_value": "19.2.098" + }, + { + "version_affected": "=", + "version_value": "19.1.0" + }, + { + "version_affected": "=", + "version_value": "17.2.10" + }, + { + "version_affected": "=", + "version_value": "19.0.1a" + }, + { + "version_affected": "=", + "version_value": "19.2.099" + }, + { + "version_affected": "=", + "version_value": "18.3.7" + }, + { + "version_affected": "=", + "version_value": "19.2.097" + }, + { + "version_affected": "=", + "version_value": "18.3.1" + }, + { + "version_affected": "=", + "version_value": "19.2.0" + }, + { + "version_affected": "=", + "version_value": "17.2.9" + }, + { + "version_affected": "=", + "version_value": "18.3.4" + }, + { + "version_affected": "=", + "version_value": "18.2.0" + }, + { + "version_affected": "=", + "version_value": "18.4.1" + }, + { + "version_affected": "=", + "version_value": "17.2.5" + }, + { + "version_affected": "=", + "version_value": "18.4.0" + }, + { + "version_affected": "=", + "version_value": "18.3.5" + }, + { + "version_affected": "=", + "version_value": "18.3.3" + }, + { + "version_affected": "=", + "version_value": "17.2.7" + }, + { + "version_affected": "=", + "version_value": "17.2.6" + }, + { + "version_affected": "=", + "version_value": "17.2.8" + }, + { + "version_affected": "=", + "version_value": "18.3.0" + }, + { + "version_affected": "=", + "version_value": "17.2.4" + }, + { + "version_affected": "=", + "version_value": "19.2.3" + } + ] + } + }, + { + "product_name": "Cisco SD-WAN vEdge Router", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "18.4.303" + }, + { + "version_affected": "=", + 
"version_value": "18.3.7" + }, + { + "version_affected": "=", + "version_value": "19.3.0" + }, + { + "version_affected": "=", + "version_value": "18.2.0" + }, + { + "version_affected": "=", + "version_value": "20.1.12" + }, + { + "version_affected": "=", + "version_value": "19.2.099" + }, + { + "version_affected": "=", + "version_value": "17.2.10" + }, + { + "version_affected": "=", + "version_value": "18.3.3" + }, + { + "version_affected": "=", + "version_value": "18.3.6" + }, + { + "version_affected": "=", + "version_value": "19.0.0" + }, + { + "version_affected": "=", + "version_value": "17.2.6" + }, + { + "version_affected": "=", + "version_value": "18.4.0" + }, + { + "version_affected": "=", + "version_value": "19.1.01" + }, + { + "version_affected": "=", + "version_value": "19.2.098" + }, + { + "version_affected": "=", + "version_value": "18.3.1" + }, + { + "version_affected": "=", + "version_value": "18.4.302" + }, + { + "version_affected": "=", + "version_value": "19.2.2" + }, + { + "version_affected": "=", + "version_value": "18.3.5" + }, + { + "version_affected": "=", + "version_value": "17.2.9" + }, + { + "version_affected": "=", + "version_value": "19.1.0" + }, + { + "version_affected": "=", + "version_value": "20.1.11" + }, + { + "version_affected": "=", + "version_value": "19.2.097" + }, + { + "version_affected": "=", + "version_value": "18.4.5" + }, + { + "version_affected": "=", + "version_value": "17.2.5" + }, + { + "version_affected": "=", + "version_value": "17.2.8" + }, + { + "version_affected": "=", + "version_value": "18.3.8" + }, + { + "version_affected": "=", + "version_value": "18.3.0" + }, + { + "version_affected": "=", + "version_value": "18.4.3" + }, + { + "version_affected": "=", + "version_value": "18.4.4" + }, + { + "version_affected": "=", + "version_value": "19.2.1" + }, + { + "version_affected": "=", + "version_value": "17.2.4" + }, + { + "version_affected": "=", + "version_value": "18.3.4" + }, + { + "version_affected": "=", + 
"version_value": "19.0.1a" + }, + { + "version_affected": "=", + "version_value": "20.1.1" + }, + { + "version_affected": "=", + "version_value": "17.2.7" + }, + { + "version_affected": "=", + "version_value": "18.4.1" + }, + { + "version_affected": "=", + "version_value": "19.2.0" + }, + { + "version_affected": "=", + "version_value": "19.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns" + } + ] + }, + "source": { + "advisory": "cisco-sa-vsoln-arbfile-gtsEYxns", + "discovery": "INTERNAL", + "defects": [ + "CSCvv09807" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/RL:X/RC:X/E:X", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2020/27xxx/CVE-2020-27124.json b/2020/27xxx/CVE-2020-27124.json index b2471c3ed3d..f5bd250c329 100644 --- a/2020/27xxx/CVE-2020-27124.json +++ b/2020/27xxx/CVE-2020-27124.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.\r\nThe vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance (ASA) Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq" + } + ] + }, + "source": { + "advisory": "cisco-sa-asa-ssl-dos-7uZWwSEy", + "discovery": "EXTERNAL", + "defects": [ + "CSCvt64822" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:X/RC:X/E:X", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2020/3xxx/CVE-2020-3420.json b/2020/3xxx/CVE-2020-3420.json index f2a1e684f0a..c5958f8bdfc 100644 --- a/2020/3xxx/CVE-2020-3420.json +++ b/2020/3xxx/CVE-2020-3420.json 
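Review bot: The `reference_data` array for CVE-2020-27124 lists two advisories that do not belong to this record, `cisco-sa-sa-rv-routers-xss-K7Z5U6q3` and `cisco-sa-cucm-xss-bLZw4Ctq`. The description and `source.advisory` (`cisco-sa-asa-ssl-dos-7uZWwSEy`) concern an ASA SSL/TLS denial of service, while those two slugs are the `source.advisory` values of CVE-2020-3431 and CVE-2020-3420 elsewhere in this patch. The CVE-2020-3420 record in the next hunk has the same problem: it carries the `cisco-sa-sa-rv-routers-xss-K7Z5U6q3` entry next to its own advisory. Tooling that follows references to find fixed releases or mitigation guidance would land on the wrong product. Each record should keep only the reference matching its `source.advisory`, unless the upstream CNA data is confirmed to list the others on purpose.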
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3" + } + ] + }, + "source": { + "advisory": "cisco-sa-cucm-xss-bLZw4Ctq", + "discovery": "INTERNAL", + "defects": [ + "CSCvs88276" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } 
diff --git a/2020/3xxx/CVE-2020-3431.json b/2020/3xxx/CVE-2020-3431.json index 12c92075a1a..5fe0d372d3e 100644 --- a/2020/3xxx/CVE-2020-3431.json +++ b/2020/3xxx/CVE-2020-3431.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business RV Series Router Firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3" + } + ] + }, + "source": { + "advisory": "cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "discovery": "EXTERNAL", + "defects": [ + "CSCvu06343" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2024/10xxx/CVE-2024-10390.json b/2024/10xxx/CVE-2024-10390.json index 0737aa0ad8c..bf908f1cc78 100644 --- a/2024/10xxx/CVE-2024-10390.json +++ b/2024/10xxx/CVE-2024-10390.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elfsight", + "product": { + "product_data": [ + { + "product_name": "Elfsight Telegram Chat CC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve" + }, + { + "url": "https://codecanyon.net/item/elfsight-telegram-chat/25288599", + "refsource": "MISC", + "name": "https://codecanyon.net/item/elfsight-telegram-chat/25288599" + } + ] + }, + 
"credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/11xxx/CVE-2024-11343.json b/2024/11xxx/CVE-2024-11343.json new file mode 100644 index 00000000000..99b7c130bf1 --- /dev/null +++ b/2024/11xxx/CVE-2024-11343.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11343", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11344.json b/2024/11xxx/CVE-2024-11344.json new file mode 100644 index 00000000000..90b1e5c47a3 --- /dev/null +++ b/2024/11xxx/CVE-2024-11344.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11344", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11345.json b/2024/11xxx/CVE-2024-11345.json new file mode 100644 index 00000000000..a549a1d8c1f --- /dev/null +++ b/2024/11xxx/CVE-2024-11345.json 
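Review bot: The `problemtype` for CVE-2024-10390 lists only `CWE-862`, although the description says the outcome is injection of arbitrary web scripts that execute whenever a user opens an injected page, which is stored XSS. Consumers that triage or filter by CWE will not see this record under `CWE-79`; a second description entry with `"cweId": "CWE-79"` would cover that if the CNA agrees. The description text also reads "unauthorized modification of data to a missing capability check", which appears to have lost the word "due".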
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11345", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11346.json b/2024/11xxx/CVE-2024-11346.json new file mode 100644 index 00000000000..57241bc5a7c --- /dev/null +++ b/2024/11xxx/CVE-2024-11346.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11346", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11347.json b/2024/11xxx/CVE-2024-11347.json new file mode 100644 index 00000000000..00c17d8f8aa --- /dev/null +++ b/2024/11xxx/CVE-2024-11347.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11347", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/11xxx/CVE-2024-11348.json b/2024/11xxx/CVE-2024-11348.json new file mode 100644 index 00000000000..4d33495146a --- /dev/null +++ b/2024/11xxx/CVE-2024-11348.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11348", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11349.json b/2024/11xxx/CVE-2024-11349.json new file mode 100644 index 00000000000..a9a5747cba4 --- /dev/null +++ b/2024/11xxx/CVE-2024-11349.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11349", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11350.json b/2024/11xxx/CVE-2024-11350.json new file mode 100644 index 00000000000..a8d7c8804ac --- /dev/null +++ b/2024/11xxx/CVE-2024-11350.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11350", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/42xxx/CVE-2024-42677.json b/2024/42xxx/CVE-2024-42677.json index 94f16fa8425..aa90b1aab10 100644 --- a/2024/42xxx/CVE-2024-42677.json +++ b/2024/42xxx/CVE-2024-42677.json @@ -56,6 +56,11 @@ "url": "https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZlfi.md", "refsource": "MISC", "name": "https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZlfi.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42677.md", + "url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42677.md" } ] } diff --git a/2024/43xxx/CVE-2024-43416.json b/2024/43xxx/CVE-2024-43416.json index e3f76905430..009716564a3 100644 --- a/2024/43xxx/CVE-2024-43416.json +++ b/2024/43xxx/CVE-2024-43416.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "glpi-project", + "product": { + "product_data": [ + { + "product_name": "glpi", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 0.80, < 10.0.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7" + }, + { + "url": "https://github.com/glpi-project/glpi/commit/9be1466053f829680db318f7e7e5880d2d789c6d", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/commit/9be1466053f829680db318f7e7e5880d2d789c6d" + } + ] + }, + "source": { + "advisory": "GHSA-j8gc-xpgr-2ww7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", 
+ "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/44xxx/CVE-2024-44756.json b/2024/44xxx/CVE-2024-44756.json index 5a5fc1d8007..1315978c96c 100644 --- a/2024/44xxx/CVE-2024-44756.json +++ b/2024/44xxx/CVE-2024-44756.json 
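Review bot: In the CVE-2024-43416 record `version_affected` is `"="` while `version_value` holds a range expression, `">= 0.80, < 10.0.17"`, so a matcher that compares versions for equality will never flag an installed GLPI release. The same encoding appears in the CVE-2024-47533 record (`">= 3.0.0, < 3.2.3"` and `">= 3.3.0, < 3.3.7"`) and the CVE-2024-47820 record (`"< 2.4.8"`) later in this patch. Where the upstream data allows it, the bound should be expressed with the operator field, e.g. `"version_affected": "<", "version_value": "10.0.17"`, as the CVE-2024-10390 record does with `"<="`. Until then these three records need manual range handling in any automated exposure check.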
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44756", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44756", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-sqli.md", + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-sqli.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44756.md", + "url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44756.md" } ] } diff --git a/2024/44xxx/CVE-2024-44757.json b/2024/44xxx/CVE-2024-44757.json index 8591f9e25e5..14b165edddf 100644 --- a/2024/44xxx/CVE-2024-44757.json +++ b/2024/44xxx/CVE-2024-44757.json 
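Review bot: The `affects` block for CVE-2024-44756 sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is also `n/a`, even though the description names NUS-M9 ERP Management Software v3.0.0 and a SQL injection via the `usercode` parameter. With these fields empty the record cannot be matched against an asset inventory or grouped by weakness, and no `impact` block is visible in the hunk either. The CVE-2024-44757 record in the next hunk is filled in the same way. If the assigner data permits, carry the product and version from the description into `affects` and add a CWE entry (CWE-89 for this record); otherwise both records should be flagged for manual triage.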
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44757", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44757", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md", + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md", + "url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md" } ] } diff --git a/2024/47xxx/CVE-2024-47533.json b/2024/47xxx/CVE-2024-47533.json index e6aaa5f1a7b..54868b49a54 100644 --- a/2024/47xxx/CVE-2024-47533.json +++ b/2024/47xxx/CVE-2024-47533.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cobbler", + "product": { + "product_data": [ + { + "product_name": "cobbler", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.2.3" + }, + { + "version_affected": "=", + "version_value": ">= 3.3.0, < 3.3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h", + "refsource": "MISC", + "name": "https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h" + }, + { + "url": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0", + "refsource": "MISC", + "name": "https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0" + }, + { + "url": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda", + "refsource": "MISC", + "name": "https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda" + } + ] + }, + "source": { + "advisory": "GHSA-m26c-fcgh-cp6h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47820.json b/2024/47xxx/CVE-2024-47820.json index 2ff6102ed6f..0e6c6c9600b 100644 --- a/2024/47xxx/CVE-2024-47820.json +++ b/2024/47xxx/CVE-2024-47820.json 
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-47820",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "MarkUsProject",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Markus",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2.4.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8",
+ "refsource": "MISC",
+ "name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8"
+ },
+ {
+ "url": "https://github.com/MarkUsProject/Markus/pull/7026",
+ "refsource": "MISC",
+ "name": "https://github.com/MarkUsProject/Markus/pull/7026"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-wq6v-vx8c-8fj8",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48896.json b/2024/48xxx/CVE-2024-48896.json
index c73302b4b27..6db830684b3 100644
--- a/2024/48xxx/CVE-2024-48896.json
+++ b/2024/48xxx/CVE-2024-48896.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-48896",
- "ASSIGNER": "secalert@redhat.com",
+ "ASSIGNER": "patrick@puiterwijk.org",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/48xxx/CVE-2024-48897.json b/2024/48xxx/CVE-2024-48897.json
index 09ff0a0d072..f2788a33ae3 100644
--- a/2024/48xxx/CVE-2024-48897.json
+++ b/2024/48xxx/CVE-2024-48897.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-48897",
- "ASSIGNER": "secalert@redhat.com",
+ "ASSIGNER": "patrick@puiterwijk.org",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/48xxx/CVE-2024-48898.json b/2024/48xxx/CVE-2024-48898.json
index 4260d1e710b..f9d8374c70c 100644
--- a/2024/48xxx/CVE-2024-48898.json
+++ b/2024/48xxx/CVE-2024-48898.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-48898",
- "ASSIGNER": "secalert@redhat.com",
+ "ASSIGNER": "patrick@puiterwijk.org",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/48xxx/CVE-2024-48900.json b/2024/48xxx/CVE-2024-48900.json
index 59046059190..7431245b927 100644
--- a/2024/48xxx/CVE-2024-48900.json
+++ b/2024/48xxx/CVE-2024-48900.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-48900",
- "ASSIGNER": "secalert@redhat.com",
+ "ASSIGNER": "patrick@puiterwijk.org",
 "STATE": "PUBLIC"
 },
 "description": {
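Review bot: In the CVE-2024-47820 hunk the `impact.cvss` entry does not match the description beside it: the text describes an authenticated instructor downloading any file on the web server that file permissions allow, but the vector is `CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H`, i.e. adjacent-network access, low confidentiality impact and high availability impact. For a file-read path traversal in a web application one would expect `"attackVector": "NETWORK"` and `"confidentialityImpact": "HIGH"`; the values were presumably carried over from GHSA-wq6v-vx8c-8fj8, so the mismatch may originate there rather than in this sync. Teams that triage on `baseScore` 5.7 alone should read the description before ranking this record. The `product_name` value `Markus` also differs in case from `MarkUs` in the description, which matters for case-sensitive product matching.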
diff --git a/2024/48xxx/CVE-2024-48901.json b/2024/48xxx/CVE-2024-48901.json
index 65f37112613..6633b5f35fb 100644
--- a/2024/48xxx/CVE-2024-48901.json
+++ b/2024/48xxx/CVE-2024-48901.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-48901",
- "ASSIGNER": "secalert@redhat.com",
+ "ASSIGNER": "patrick@puiterwijk.org",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/52xxx/CVE-2024-52419.json b/2024/52xxx/CVE-2024-52419.json
index 09a33842471..6b8dd8d7d5c 100644
--- a/2024/52xxx/CVE-2024-52419.json
+++ b/2024/52xxx/CVE-2024-52419.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52419",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Clipboard Team Copy Anything to Clipboard allows Stored XSS.This issue affects Copy Anything to Clipboard: from n/a through 4.0.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Clipboard Team",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Copy Anything to Clipboard",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "4.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/copy-the-code/wordpress-copy-anything-to-clipboard-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/copy-the-code/wordpress-copy-anything-to-clipboard-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "LVT-tholv2k (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/52xxx/CVE-2024-52422.json b/2024/52xxx/CVE-2024-52422.json
index 12ddc59a41f..1ecd0f1c8d2 100644
--- a/2024/52xxx/CVE-2024-52422.json
+++ b/2024/52xxx/CVE-2024-52422.json
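Review bot: In the CVE-2024-52419 hunk the `credits` entry is tagged `"lang": "en"` while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`, so a consumer that selects text by the `eng` tag would drop the finder credit; the line should read `"lang": "eng"`. The hunks for CVE-2024-52422, CVE-2024-52423 and CVE-2024-52424 carry the same mismatch. All four descriptions also run two sentences together (`Stored XSS.This issue affects`), which is best fixed at the source because downstream tools usually show this text as is. Separately, the affected range gives only an upper bound (`<=` with `version_name` set to `n/a`) and no fixed version, so the record alone does not tell an operator whether an update exists.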
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52422",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Terry Lin WP Githuber MD allows Stored XSS.This issue affects WP Githuber MD: from n/a through 1.16.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Terry Lin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Githuber MD",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "1.16.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Fazle Mawla (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/52xxx/CVE-2024-52423.json b/2024/52xxx/CVE-2024-52423.json
index 0e8cc58fe94..9895f32c1d5 100644
--- a/2024/52xxx/CVE-2024-52423.json
+++ b/2024/52xxx/CVE-2024-52423.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52423",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Themify",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Themify Builder",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "7.6.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/52xxx/CVE-2024-52424.json b/2024/52xxx/CVE-2024-52424.json
index 9cb9f47ad33..2c769d82559 100644
--- a/2024/52xxx/CVE-2024-52424.json
+++ b/2024/52xxx/CVE-2024-52424.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52424",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Suresh Kumar",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wp-login customizer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-login-customizer/wordpress-wp-login-customizer-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/wp-login-customizer/wordpress-wp-login-customizer-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "SOPROBRO (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
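Review bot: In the CVE-2024-52424 hunk `problemtype_data` lists only CWE-352, although the description says the CSRF "allows Stored XSS" and the reference URL is titled as a cross-site-scripting vulnerability, so anyone filtering or alerting on CWE-79 will not see this record. Adding a second entry to the `description` array, `{ "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "cweId": "CWE-79" }`, in the form the sibling Patchstack records use, would make the chained weakness searchable. The vector's `PR:N` with `UI:R` is consistent with a CSRF entry point, so the score itself looks coherent.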