diff --git a/2023/45xxx/CVE-2023-45229.json b/2023/45xxx/CVE-2023-45229.json
index 0b23da5103d..86d73ec104f 100644
--- a/2023/45xxx/CVE-2023-45229.json
+++ b/2023/45xxx/CVE-2023-45229.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45230.json b/2023/45xxx/CVE-2023-45230.json
index a052729c121..5b1867967f1 100644
--- a/2023/45xxx/CVE-2023-45230.json
+++ b/2023/45xxx/CVE-2023-45230.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45231.json b/2023/45xxx/CVE-2023-45231.json
index 7ba8e8e0bec..826d9e45d7a 100644
--- a/2023/45xxx/CVE-2023-45231.json
+++ b/2023/45xxx/CVE-2023-45231.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45232.json b/2023/45xxx/CVE-2023-45232.json
index cff7f3b067a..466bb387243 100644
--- a/2023/45xxx/CVE-2023-45232.json
+++ b/2023/45xxx/CVE-2023-45232.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45233.json b/2023/45xxx/CVE-2023-45233.json
index 12980769b08..ea9a95916dd 100644
--- a/2023/45xxx/CVE-2023-45233.json
+++ b/2023/45xxx/CVE-2023-45233.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45234.json b/2023/45xxx/CVE-2023-45234.json
index b8c47680c46..11870c7228c 100644
--- a/2023/45xxx/CVE-2023-45234.json
+++ b/2023/45xxx/CVE-2023-45234.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45235.json b/2023/45xxx/CVE-2023-45235.json
index be63d69f24f..3cde05f5a21 100644
--- a/2023/45xxx/CVE-2023-45235.json
+++ b/2023/45xxx/CVE-2023-45235.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45236.json b/2023/45xxx/CVE-2023-45236.json
index 0e9ef06eef6..ed67a7fc713 100644
--- a/2023/45xxx/CVE-2023-45236.json
+++ b/2023/45xxx/CVE-2023-45236.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/45xxx/CVE-2023-45237.json b/2023/45xxx/CVE-2023-45237.json
index 0a066a8fee5..86a9aa9adc8 100644
--- a/2023/45xxx/CVE-2023-45237.json
+++ b/2023/45xxx/CVE-2023-45237.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
 "refsource": "MISC",
 "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
 }
 ]
 },
diff --git a/2023/49xxx/CVE-2023-49351.json b/2023/49xxx/CVE-2023-49351.json
index eab95eef9ed..3e22a419d27 100644
--- a/2023/49xxx/CVE-2023-49351.json
+++ b/2023/49xxx/CVE-2023-49351.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-49351",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-49351",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/countfatcode/temp/blob/main/formUSBAccount/formUSBAccount.md",
+ "url": "https://github.com/countfatcode/temp/blob/main/formUSBAccount/formUSBAccount.md"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4969.json b/2023/4xxx/CVE-2023-4969.json
index 9dbdbca4da6..2b9e921323f 100644
--- a/2023/4xxx/CVE-2023-4969.json
+++ b/2023/4xxx/CVE-2023-4969.json
@@ -93,6 +93,11 @@
 "url": "https://blog.trailofbits.com",
 "refsource": "MISC",
 "name": "https://blog.trailofbits.com"
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/446598",
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/446598"
 }
 ]
 },
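Review bot: In the CVE-2023-49351 record the structured fields are left as `"n/a"` although the description names the vendor, the product and the weakness, so consumers that match on `vendor_name`, `product_name` or the CWE will not find this entry. The description identifies Edimax BR6478AC V2 firmware v1.23 and a stack-based buffer overflow; populating `affects` with those values and `problemtype` with `"value": "CWE-121 Stack-based Buffer Overflow"` would make the record usable for automated matching. The description also carries a typo, `veraion` for `version`. The same `"n/a"` pattern recurs in the CVE-2023-52041, CVE-2024-22491 and CVE-2024-22628 hunks, whose descriptions likewise name the product and the class of flaw.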
diff --git a/2023/51xxx/CVE-2023-51381.json b/2023/51xxx/CVE-2023-51381.json
index 46cc4eed22d..10d4b02971b 100644
--- a/2023/51xxx/CVE-2023-51381.json
+++ b/2023/51xxx/CVE-2023-51381.json
@@ -1,17 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-cna@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site Scripting in the\u00a0tag name pattern field in the tag protections UI in GitHub Enterprise Server\u00a03.8.12, 3.9.7, 3.10.4, 3.11.2\u00a0allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created\u00a0CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in all versions of 3.11.3, 3.10.5, 3.9.8, and 3.8.13. 
This vulnerability was reported via the GitHub Bug Bounty program.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitHub", + "product": { + "product_data": [ + { + "product_name": "Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.8.13", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.8.12", + "status": "affected", + "version": "3.8", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "3.9.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.9.7", + "status": "affected", + "version": "3.9", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "3.10.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.10.4", + "status": "affected", + "version": "3.10", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "3.11.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.11.2", + "status": "affected", + "version": "3.11", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", + "refsource": "MISC", + "name": 
"https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Johan Carlsson (https://twitter.com/joaxcar)" + }, + { + "lang": "en", + "value": "Roshan Kudave (https://twitter.com/ROSHANKUDAVE3)" + }, + { + "lang": "en", + "value": "Sudhanshu Rajbhar (https://twitter.com/sudhanshur705)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/52xxx/CVE-2023-52041.json b/2023/52xxx/CVE-2023-52041.json index b1e5ea161d9..555e27b2f53 100644 --- a/2023/52xxx/CVE-2023-52041.json +++ b/2023/52xxx/CVE-2023-52041.json 
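Review bot: In the CVE-2023-51381 record each `versions` entry closes its range at the last vulnerable release (`"lessThanOrEqual": "3.8.12"`) while the `changes` entry that marks the fix sits at `3.8.13`, outside that range, and `defaultStatus` is `"affected"`. A consumer that evaluates the ranges literally may therefore report the fixed releases 3.8.13, 3.9.8, 3.10.5 and 3.11.3 as affected. Adding explicit entries with `"status": "unaffected"` for the fixed releases would remove the ambiguity. The CVE-2024-0200 hunk has the same exposure, since it lists only affected ranges under `"defaultStatus": "affected"`. `"version": "3.8"` is also not a three-part value although `versionType` is `semver`; the CVE-2024-0200 record uses `3.8.0`.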
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-52041",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-52041",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://kee02p.github.io/2024/01/13/CVE-2023-52041/",
+ "url": "https://kee02p.github.io/2024/01/13/CVE-2023-52041/"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6395.json b/2023/6xxx/CVE-2023-6395.json
index fb4dad16198..0e697066aa9 100644
--- a/2023/6xxx/CVE-2023-6395.json
+++ b/2023/6xxx/CVE-2023-6395.json
@@ -128,6 +128,11 @@
 "url": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69",
 "refsource": "MISC",
 "name": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/16/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/16/1"
 }
 ]
 },
diff --git a/2023/7xxx/CVE-2023-7234.json b/2023/7xxx/CVE-2023-7234.json
index dc64b514c8d..6df6625eb1c 100644
--- a/2023/7xxx/CVE-2023-7234.json
+++ b/2023/7xxx/CVE-2023-7234.json
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7234", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-117 ", + "cweId": "CWE-117" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Integration Objects", + "product": { + "product_data": [ + { + "product_name": "OPC UA Server Toolkit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02" + }, + { + "url": "https://integrationobjects.com//ask-a-question/", + "refsource": "MISC", + "name": "https://integrationobjects.com//ask-a-question/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nIntegration Objects has not responded to requests to work with CISA to mitigate these vulnerabilities. 
Developers using affected versions of OPC UA Server Toolkit are invited to contact Integration Objects for additional information.\n\n
" + } + ], + "value": "\nIntegration Objects has not responded to requests to work with CISA to mitigate these vulnerabilities. Developers using affected versions of OPC UA Server Toolkit are invited to contact Integration Objects for additional information. https://integrationobjects.com//ask-a-question/ \n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Sam Hanson of Dragos reported this vulnerability to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0200.json b/2024/0xxx/CVE-2024-0200.json index 482f5fd5a58..1fcf7e36d92 100644 --- a/2024/0xxx/CVE-2024-0200.json +++ b/2024/0xxx/CVE-2024-0200.json 
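Review bot: The description in the CVE-2023-7234 record says only that the toolkit logs the client's self-defined description field and never states what is wrong with that, so a reader has to infer the weakness from the `CWE-117` tag. If the issue is that the field reaches the log without neutralization, as the CWE suggests, the description should say so and name the consequence that the `I:L` rating in the vector stands for. The `problemtype` value is `"CWE-117 "`, with a trailing space and no weakness title, unlike the other CNA-authored records in this commit; `"CWE-117 Improper Output Neutralization for Logs"` would match them. The reference `https://integrationobjects.com//ask-a-question/` contains a doubled slash that is worth checking.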
@@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-cna@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. 
This vulnerability was reported via the GitHub Bug Bounty program.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + "cweId": "CWE-470" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitHub", + "product": { + "product_data": [ + { + "product_name": "Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "3.8.13", + "status": "affected", + "version": "3.8.0", + "versionType": "semver" + }, + { + "lessThan": "3.9.8", + "status": "affected", + "version": "3.9.0", + "versionType": "semver" + }, + { + "lessThan": "3.10.5", + "status": "affected", + "version": "3.10.0", + "versionType": "semver" + }, + { + "lessThan": "3.11.3", + "status": "affected", + "version": "3.11.0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Ngo Wei Lin of STAR Labs" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0507.json b/2024/0xxx/CVE-2024-0507.json index dc328cd3c85..d7eeff8ecc1 100644 --- a/2024/0xxx/CVE-2024-0507.json +++ b/2024/0xxx/CVE-2024-0507.json 
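Review bot: The CVSS vector in the CVE-2024-0200 record rates integrity and availability impact as Low (`I:L/A:L`) while the description says the flaw can lead to remote code execution; that pairing should be confirmed or explained in the record, because code execution on the instance is usually scored High on all three impact metrics. The description also says every version prior to 3.12 is affected, whereas the listed ranges start at `3.8.0`, so releases older than 3.8 are covered only by `"defaultStatus": "affected"`. Stating that explicitly in the description would help operators of older releases read the record correctly.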
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-cna@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitHub", + "product": { + "product_data": [ + { + "product_name": "Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.8.0", + "version_value": "3.8.12" + }, + { + "version_affected": "<=", + "version_name": "3.9.0", + "version_value": "3.9.7" + }, + { + "version_affected": "<=", + "version_name": "3.10.0", + "version_value": "3.10.4" + }, + { + "version_affected": "<=", + "version_name": "3.11.0", + "version_value": "3.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3" + }, + { + 
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Imre Rad" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0616.json b/2024/0xxx/CVE-2024-0616.json new file mode 100644 index 00000000000..205e097094c --- /dev/null +++ b/2024/0xxx/CVE-2024-0616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-0616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
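Review bot: The CVE-2024-0507 record classifies the issue as `CWE-20 Improper Input Validation` while its own description calls it a command injection in the Management Console. A more specific weakness, `"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"`, would let consumers filter and prioritise on it. The description also lacks the full stop after `3.8.13`, so the fix statement and the bug-bounty sentence run together. The CVE-2024-0616 section that follows on the same line is a RESERVED placeholder and needs no comment.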
diff --git a/2024/0xxx/CVE-2024-0617.json b/2024/0xxx/CVE-2024-0617.json
new file mode 100644
index 00000000000..2acbb596b03
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0617.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0617",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0618.json b/2024/0xxx/CVE-2024-0618.json
new file mode 100644
index 00000000000..2dc4151c4b9
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0618.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0618",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0619.json b/2024/0xxx/CVE-2024-0619.json
new file mode 100644
index 00000000000..f1f1f0c2e0d
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0619.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0619",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0620.json b/2024/0xxx/CVE-2024-0620.json
new file mode 100644
index 00000000000..54272b24173
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0620.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0620",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0621.json b/2024/0xxx/CVE-2024-0621.json
new file mode 100644
index 00000000000..a3276599ebf
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0621.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0621",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22491.json b/2024/22xxx/CVE-2024-22491.json
index 6aa2df15281..53bd6c3dd54 100644
--- a/2024/22xxx/CVE-2024-22491.json
+++ b/2024/22xxx/CVE-2024-22491.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-22491",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-22491",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md",
+ "refsource": "MISC",
+ "name": "https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22628.json b/2024/22xxx/CVE-2024-22628.json
index b71c9c56868..72b3a43eef4 100644
--- a/2024/22xxx/CVE-2024-22628.json
+++ b/2024/22xxx/CVE-2024-22628.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-22628",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-22628",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end="
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md",
+ "url": "https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md"
 }
 ]
 }