diff --git a/2017/15xxx/CVE-2017-15364.json b/2017/15xxx/CVE-2017-15364.json index 253b4ce3086..7b76b8dca3e 100644 --- a/2017/15xxx/CVE-2017-15364.json +++ b/2017/15xxx/CVE-2017-15364.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file." + "value": "** DISPUTED ** The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0." } ] }, @@ -56,6 +56,16 @@ "name": "https://github.com/evan/ccsv/issues/15", "refsource": "MISC", "url": "https://github.com/evan/ccsv/issues/15" + }, + { + "refsource": "MISC", + "name": "https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd", + "url": "https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd" + }, + { + "refsource": "MISC", + "name": "https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1#diff-e39824a4819928ff248d5e90a12d1b311db2923907171cdc0ad7058da12244d9R224", + "url": "https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1#diff-e39824a4819928ff248d5e90a12d1b311db2923907171cdc0ad7058da12244d9R224" } ] } diff --git a/2021/27xxx/CVE-2021-27285.json b/2021/27xxx/CVE-2021-27285.json index 1e07f2c7d2a..8c477ab5bf2 100644 --- a/2021/27xxx/CVE-2021-27285.json +++ b/2021/27xxx/CVE-2021-27285.json 
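Review bot: The dispute note added to the description line (`NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.`) does not say who disputes the claim or which of the new references supports the dispute, so a reader cannot weigh it against the original report. Naming the disputing party when known and pointing at the evidence, for example `NOTE: This has been disputed (see the commit references), with the argument that the affected code is not present in version 1.1.0.`, would make the record self-contained. The two commit URLs added in the second hunk also reuse the URL as `name`; the `name` field is free text, so a short label such as which commit is the proposed fix and which shows the 1.1.0 code would help, if that information is available to the assigner.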
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27285", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27285", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/fjh1997/CVE-2021-27285", + "url": "https://github.com/fjh1997/CVE-2021-27285" } ] } diff --git a/2024/13xxx/CVE-2024-13155.json b/2024/13xxx/CVE-2024-13155.json new file mode 100644 index 00000000000..c1eb13e2d0a --- /dev/null +++ b/2024/13xxx/CVE-2024-13155.json 
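Review bot: The new `affects` block records `vendor_name`, `product_name` and `version_value` as `"n/a"` even though the description line on the same hunk names the product and version (Inspur ClusterEngine v4.0), so consumers that match on structured fields rather than prose get nothing from this record. Filling in `"vendor_name": "Inspur"`, `"product_name": "ClusterEngine"` and `"version_value": "4.0"` would make the record machine-usable without changing its meaning. The same `"n/a"` placeholders are used in the `affects` and `problemtype` blocks added for CVE-2024-48455, CVE-2024-48456, CVE-2024-48457, CVE-2024-53933, CVE-2024-53934 and CVE-2024-53936 in this commit. Here `problemtype` is also `"n/a"` while the description states local privilege escalation leading to arbitrary command execution; a CWE mapping would help triage if the assigner's policy allows one.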
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13155",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/13xxx/CVE-2024-13156.json b/2024/13xxx/CVE-2024-13156.json
new file mode 100644
index 00000000000..10a96125bb7
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13156.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13156",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/46xxx/CVE-2024-46981.json b/2024/46xxx/CVE-2024-46981.json
index 5d5b3fa7f8b..d3ca26efd9b 100644
--- a/2024/46xxx/CVE-2024-46981.json
+++ b/2024/46xxx/CVE-2024-46981.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-46981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "redis", + "product": { + "product_data": [ + { + "product_name": "redis", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 7.4.0, < 7.4.2" + }, + { + "version_affected": "=", + "version_value": ">= 7.2.0, < 7.2.7" + }, + { + "version_affected": "=", + "version_value": "< 6.2.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", + "refsource": "MISC", + "name": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c" + }, + { + "url": "https://github.com/redis/redis/releases/tag/6.2.17", + "refsource": "MISC", + "name": "https://github.com/redis/redis/releases/tag/6.2.17" + }, + { + "url": "https://github.com/redis/redis/releases/tag/7.2.7", + "refsource": "MISC", + "name": "https://github.com/redis/redis/releases/tag/7.2.7" + }, + { + "url": "https://github.com/redis/redis/releases/tag/7.4.2", + "refsource": "MISC", + "name": "https://github.com/redis/redis/releases/tag/7.4.2" + } + ] + }, + "source": { + "advisory": "GHSA-39h2-x6c4-6w4c", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/48xxx/CVE-2024-48455.json b/2024/48xxx/CVE-2024-48455.json index 199ca0cd584..cd0bec88167 100644 --- a/2024/48xxx/CVE-2024-48455.json +++ b/2024/48xxx/CVE-2024-48455.json 
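Review bot: The `version_data` entries in this hunk put a whole range inside `version_value` (`">= 7.4.0, < 7.4.2"`, `">= 7.2.0, < 7.2.7"`, `"< 6.2.17"`) while `version_affected` says `"="`, so a consumer that honours `version_affected` reads three exact versions that do not exist and a consumer that ignores it has to parse prose. The 4.0 format can express a bound per entry, for example `{"version_affected": ">=", "version_value": "7.4.0"}` paired with `{"version_affected": "<", "version_value": "7.4.2"}`; the same stringified-range encoding is used in CVE-2024-51741 and CVE-2025-21616 in this commit. Separately, `"baseScore": 7` is an integer where the other CVSS entries in this commit use decimals (`4.4`, `5.4`); `7.0` keeps the field's type consistent across records. The description speaks of remote code execution while the vector string is `AV:L`; that appears to mirror the upstream advisory, but it is worth confirming since readers will notice the mismatch.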
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48455", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48455", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the mode_name, wl_link parameters of the skk_get.cgi component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/users/h00die-gr3y/projects/1/views/1", + "url": "https://github.com/users/h00die-gr3y/projects/1/views/1" } ] } diff --git a/2024/48xxx/CVE-2024-48456.json b/2024/48xxx/CVE-2024-48456.json index fd9385404be..08f36872db9 100644 --- a/2024/48xxx/CVE-2024-48456.json +++ b/2024/48xxx/CVE-2024-48456.json 
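Review bot: The only reference added in this hunk is a GitHub project-board view (`https://github.com/users/h00die-gr3y/projects/1/views/1`), which is a mutable UI page rather than an advisory, issue or commit: its owner can reorganise or delete it and it is not archived the way an issue or commit permalink is. A link to a specific issue, advisory or commit-pinned write-up would give readers a durable source; the same board URL is the sole reference for CVE-2024-48456 and CVE-2024-48457 in this commit.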
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48456", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48456", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the parameter password at the change admin password page at the router web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/users/h00die-gr3y/projects/1/views/1", + "url": "https://github.com/users/h00die-gr3y/projects/1/views/1" } ] } diff --git a/2024/48xxx/CVE-2024-48457.json b/2024/48xxx/CVE-2024-48457.json index 4e688c0e288..27171caa8a5 100644 --- a/2024/48xxx/CVE-2024-48457.json +++ b/2024/48xxx/CVE-2024-48457.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48457", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48457", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/users/h00die-gr3y/projects/1/views/1", + "url": "https://github.com/users/h00die-gr3y/projects/1/views/1" } ] } diff --git a/2024/48xxx/CVE-2024-48956.json b/2024/48xxx/CVE-2024-48956.json index afd0b079c57..e8f4d0bba70 100644 --- a/2024/48xxx/CVE-2024-48956.json +++ b/2024/48xxx/CVE-2024-48956.json 
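Review bot: The new description line ends without a terminating period (`... and binary /bin/scripts/start_wifi.sh"`), unlike every other description in this commit; `... and binary /bin/scripts/start_wifi.sh."` keeps the records consistent. The sentence also says sensitive information is obtained "via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh" without saying what class of information is exposed or how the endpoint and the script relate, which leaves a reader unable to judge the impact; a short clause naming the disclosed data would help, if the assigner has that detail.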
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution." + "value": "Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution." } ] }, diff --git a/2024/51xxx/CVE-2024-51741.json b/2024/51xxx/CVE-2024-51741.json index 0b1219ff497..55a8995af4e 100644 --- a/2024/51xxx/CVE-2024-51741.json +++ b/2024/51xxx/CVE-2024-51741.json 
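Review bot: The revised description reads `Serviceware Processes 6.0 through 7.3 before 7.4`, which states the upper bound twice ("through 7.3" and "before 7.4") and leaves it unclear whether 7.3 point releases are meant to be included. If 7.4 is the fixed release, stating it separately is clearer, for example `Serviceware Processes 6.0 through 7.3 allows ... remote code execution. This is fixed in 7.4.`; the `affects` block is outside this hunk, so confirm the fixed version is reflected there too rather than only in prose.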
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "redis", + "product": { + "product_data": [ + { + "product_name": "redis", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 7.0.0, < 7.2.7" + }, + { + "version_affected": "=", + "version_value": ">= 7.4.0, < 7.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9", + "refsource": "MISC", + "name": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9" + } + ] + }, + "source": { + "advisory": "GHSA-prpq-rh5h-46g9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": 
"HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/53xxx/CVE-2024-53933.json b/2024/53xxx/CVE-2024-53933.json index 69b3c14f6cc..d6b84c16fc4 100644 --- a/2024/53xxx/CVE-2024-53933.json +++ b/2024/53xxx/CVE-2024-53933.json 
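Review bot: The new description line is missing its subject: `An authenticated with sufficient privileges may create a malformed ACL selector` should read `An authenticated user with sufficient privileges may create a malformed ACL selector`. The `version_data` entries in this hunk use the same stringified range in `version_value` with `"version_affected": "="` that is flagged on CVE-2024-46981. Unlike that record, no mitigation sentence is carried over here; if the upstream advisory offers one, adding it would help operators who cannot upgrade to 7.2.7 or 7.4.2 immediately.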
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53933", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53933", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.android.call.color.app.activities.DialerActivity component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/com.callerscreen.colorphone.themes.callflash", + "refsource": "MISC", + "name": "https://github.com/actuator/com.callerscreen.colorphone.themes.callflash" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/com.callerscreen.colorphone.themes.callflash/blob/main/CVE-2024-53933", + "url": "https://github.com/actuator/com.callerscreen.colorphone.themes.callflash/blob/main/CVE-2024-53933" } ] } diff --git a/2024/53xxx/CVE-2024-53934.json b/2024/53xxx/CVE-2024-53934.json index 438c19ea2e3..ad200bd0bd3 100644 --- a/2024/53xxx/CVE-2024-53934.json 
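Review bot: The second reference added in this hunk points at a file on the repository's `main` branch (`.../blob/main/CVE-2024-53933`), which is a moving target: the file can be rewritten or removed and the URL will silently show different content or a 404. A permalink to a specific commit (`.../blob/<commit-sha>/CVE-2024-53933`, with the real SHA substituted) would make the reference stable; the same branch-relative links are used in CVE-2024-53934 and CVE-2024-53936 in this commit. The repository-root link and the blob link are the same source, so keeping the pinned one alone would also be acceptable.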
+++ b/2024/53xxx/CVE-2024-53934.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53934", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53934", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone", + "refsource": "MISC", + "name": "https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone/blob/main/CVE-2024-53934", + "url": "https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone/blob/main/CVE-2024-53934" } ] } 
diff --git a/2024/53xxx/CVE-2024-53936.json b/2024/53xxx/CVE-2024-53936.json index 4fbd5d3f0ca..6ae6380e846 100644 --- a/2024/53xxx/CVE-2024-53936.json +++ b/2024/53xxx/CVE-2024-53936.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53936", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53936", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActivity component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/com.asianmobile.callcolor", + "refsource": "MISC", + "name": "https://github.com/actuator/com.asianmobile.callcolor" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/com.asianmobile.callcolor/blob/main/CVE-2024-53936", + "url": "https://github.com/actuator/com.asianmobile.callcolor/blob/main/CVE-2024-53936" } ] } 
diff --git a/2024/9xxx/CVE-2024-9774.json b/2024/9xxx/CVE-2024-9774.json index 5c1edc5abd4..7101b57a959 100644 --- a/2024/9xxx/CVE-2024-9774.json +++ b/2024/9xxx/CVE-2024-9774.json @@ -53,6 +53,11 @@ }, "references": { "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332734", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2332734" + }, { "url": "https://discuss.tryton.org/t/security-release-for-issue-93/7889/3", "refsource": "MISC", diff --git a/2025/21xxx/CVE-2025-21616.json b/2025/21xxx/CVE-2025-21616.json index a8d4191af43..eb3f1688265 100644 --- a/2025/21xxx/CVE-2025-21616.json +++ b/2025/21xxx/CVE-2025-21616.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "makeplane", + "product": { + "product_data": [ + { + "product_name": "plane", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", + "refsource": "MISC", + "name": "https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j" + } + ] + }, + "source": { + "advisory": "GHSA-rcg8-g69v-x23j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + 
"integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] }
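Review bot: The description in this hunk gives the affected range only as "Plane versions prior to 0.23" and never names the fixed release, whereas the other GitHub-sourced records in this commit (CVE-2024-46981, CVE-2024-51741) end with an explicit "The problem is fixed in ..." sentence. If 0.23 is the release containing the fix, which the `< 0.23` bound suggests but does not state, appending `The problem is fixed in version 0.23.` keeps the records consistent and saves readers from inferring the fix from the bound. The single `version_data` entry also uses the stringified-range encoding flagged on CVE-2024-46981.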