diff --git a/2023/0xxx/CVE-2023-0253.json b/2023/0xxx/CVE-2023-0253.json
index 77331188bec..1aab4553dbe 100644
--- a/2023/0xxx/CVE-2023-0253.json
+++ b/2023/0xxx/CVE-2023-0253.json
@@ -5,84 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-0253", "ASSIGNER": "security@wordfence.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "devowl", - "product": { - "product_data": [ - { - "product_name": "Real Media Library: Media Library Folder & File Manager", - "version": { - "version_data": [ - { - "version_value": "*", - "version_affected": "=" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/real-media-library-lite/", - "refsource": "MISC", - "name": "https://wordpress.org/plugins/real-media-library-lite/" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e", - "refsource": "MISC", - "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e" - }, - { - "url": "https://devowlio.gitbook.io/changelogs/wordpress-plugins/real-media-library", - "refsource": "MISC", - "name": "https://devowlio.gitbook.io/changelogs/wordpress-plugins/real-media-library" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Bipul Jaiswal" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" + "value": "** REJECT ** **REJECT** Accidental CVE Assignment. Please use CVE-2023-0285." } ] } diff --git a/2024/36xxx/CVE-2024-36424.json b/2024/36xxx/CVE-2024-36424.json index be8266ea02e..dade951ef24 100644 --- a/2024/36xxx/CVE-2024-36424.json +++ b/2024/36xxx/CVE-2024-36424.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36424", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36424", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.k7computing.com/", + "refsource": "MISC", + "name": "https://www.k7computing.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-aug-2024-417", + "url": "https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-aug-2024-417" } ] } 
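Review bot: The new description value in the CVE-2023-0253 hunk carries the reject marker twice (`** REJECT ** **REJECT**`), which can trip consumers that strip or match a single leading marker. One prefix is enough: `"value": "** REJECT ** Accidental CVE Assignment. Please use CVE-2023-0285."`. The replacement ID exists only in this free-text sentence, and the hunk drops the affects, references and CVSS data, so scanner rules, tickets and advisories keyed on CVE-2023-0253 need an explicit re-map to CVE-2023-0285.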
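Review bot: The published CVE-2024-36424 record leaves `vendor_name`, `product_name`, `version_value` and the problemtype `value` at `n/a`, although the description names the product (K7 Ultimate Security), the fixed build (17.0.2019) and the weakness (NULL pointer dereference). Tools that match on structured fields rather than free text will not tie this record to the product or to a CWE. Values such as `"product_name": "K7 Ultimate Security"` and `"value": "CWE-476 NULL Pointer Dereference"` would close that gap. The same `n/a` problemtype appears in the CVE-2024-41910 and CVE-2024-41911 hunks, whose descriptions appear to describe cross-site scripting (CWE-79).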
diff --git a/2024/41xxx/CVE-2024-41910.json b/2024/41xxx/CVE-2024-41910.json index 3daeda59551..1037daae9a6 100644 --- a/2024/41xxx/CVE-2024-41910.json +++ b/2024/41xxx/CVE-2024-41910.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XXS vulnerabilities in the version of JavaScript used." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "Poly Clariti Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_11006981-11007005-16/hpsbpy03960", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_11006981-11007005-16/hpsbpy03960" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" } } \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41911.json b/2024/41xxx/CVE-2024-41911.json index d937ded12f3..7aa411100e9 100644 --- a/2024/41xxx/CVE-2024-41911.json +++ b/2024/41xxx/CVE-2024-41911.json 
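Review bot: The added description in the CVE-2024-41910 hunk reads `multiple XXS vulnerabilities`, presumably a typo for XSS, so keyword searches and classifiers looking for that term will miss the record; `The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.` would fix it. The `version_data` entry pairs `"version_affected": "="` with a sentence as `version_value`, which no matcher can evaluate, even though the description already gives a bound (builds up to 10.10.2.2). If the HP bulletin confirms that bound is inclusive, `"version_affected": "<="` with `"version_value": "10.10.2.2"` would make it machine-readable. The CVE-2024-41911 hunk carries the same free-text version entry.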
@@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "Poly Clariti Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_11006770-11006795-16/hpsbpy03959", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_11006770-11006795-16/hpsbpy03959" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" } } \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7552.json b/2024/7xxx/CVE-2024-7552.json index 471c01fc96c..b7f402039bc 100644 --- a/2024/7xxx/CVE-2024-7552.json +++ b/2024/7xxx/CVE-2024-7552.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In DataGear bis 5.0.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion evaluateVariableExpression der Datei ConversionSqlParamValueMapper.java der Komponente Data Schema Page. Mittels Manipulieren mit unbekannten Daten kann eine improper neutralization of special elements used in an expression language statement-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement", + "cweId": "CWE-917" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "DataGear", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.273697", + "refsource": "MISC", + "name": "https://vuldb.com/?id.273697" + }, + { + "url": "https://vuldb.com/?ctiid.273697", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.273697" + }, + { + "url": "https://vuldb.com/?submit.386413", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.386413" + }, + { + "url": "https://gitee.com/datagear/datagear/issues/IAF3H7", + "refsource": "MISC", + "name": "https://gitee.com/datagear/datagear/issues/IAF3H7" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "nerowander (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/7xxx/CVE-2024-7559.json b/2024/7xxx/CVE-2024-7559.json new file mode 100644 index 00000000000..7a8d16cc858 --- /dev/null +++ b/2024/7xxx/CVE-2024-7559.json 
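Review bot: The `version_data` entry in the CVE-2024-7552 hunk marks only `"version_value": "5.0"` with `"version_affected": "="`, while the description says DataGear up to 5.0.0 is affected, so a consumer matching on the structured field would not flag earlier releases. A range entry such as `"version_affected": "<="` with `"version_value": "5.0.0"` would agree with the description. The description also calls the issue critical while the CVSS 3.1 and 3.0 entries score it 6.3 MEDIUM and the 2.0 entry scores it 6.5, so triage should rely on the vectors rather than the wording. `vendor_name` is `n/a` here as well, which weakens product matching.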
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7560.json b/2024/7xxx/CVE-2024-7560.json new file mode 100644 index 00000000000..56732db1891 --- /dev/null +++ b/2024/7xxx/CVE-2024-7560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7561.json b/2024/7xxx/CVE-2024-7561.json new file mode 100644 index 00000000000..16fda8b8890 --- /dev/null +++ b/2024/7xxx/CVE-2024-7561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/7xxx/CVE-2024-7562.json b/2024/7xxx/CVE-2024-7562.json new file mode 100644 index 00000000000..59c1659a5b3 --- /dev/null +++ b/2024/7xxx/CVE-2024-7562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file