diff --git a/2024/12xxx/CVE-2024-12043.json b/2024/12xxx/CVE-2024-12043.json
new file mode 100644
index 00000000000..afe15f998f4
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12043.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12043",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12044.json b/2024/12xxx/CVE-2024-12044.json
new file mode 100644
index 00000000000..35d4c2ef11a
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12044.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12044",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12045.json b/2024/12xxx/CVE-2024-12045.json
new file mode 100644
index 00000000000..e2280158168
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12045.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12045",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12046.json b/2024/12xxx/CVE-2024-12046.json
new file mode 100644
index 00000000000..d5fd3b158d3
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12046.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12046",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12047.json b/2024/12xxx/CVE-2024-12047.json
new file mode 100644
index 00000000000..f5f9998b5f2
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12047.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12047",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12048.json b/2024/12xxx/CVE-2024-12048.json
new file mode 100644
index 00000000000..683322e6980
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12048.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12048",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/52xxx/CVE-2024-52724.json b/2024/52xxx/CVE-2024-52724.json
index 614c4847835..c921925bb8d 100644
--- a/2024/52xxx/CVE-2024-52724.json
+++ b/2024/52xxx/CVE-2024-52724.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-52724",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-52724",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/npubaishao/zzcms_sql_injection/blob/main/zzcms_sql_injection.md",
+ "url": "https://github.com/npubaishao/zzcms_sql_injection/blob/main/zzcms_sql_injection.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/npubaishao/768b638ab16b7da6478d028aeb25bbbc",
+ "url": "https://gist.github.com/npubaishao/768b638ab16b7da6478d028aeb25bbbc"
 }
 ]
 }
diff --git a/2024/53xxx/CVE-2024-53484.json b/2024/53xxx/CVE-2024-53484.json
index 9f19c9db886..28674c336de 100644
--- a/2024/53xxx/CVE-2024-53484.json
+++ b/2024/53xxx/CVE-2024-53484.json
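Review bot: The CVE-2024-52724 record is published with `problemtype` and every `affects` field set to `n/a`, although its description names the product (ZZCMS 2023), the weakness (SQL injection) and the affected script (/q/show.php). Scanners and triage tooling that match on structured fields rather than free text cannot tie this entry to an installed product or a weakness class. Populating `"product_name": "ZZCMS"`, `"version_value": "2023"` and a `problemtype` value such as `"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` would make it machine-matchable. The same gap is present in the CVE-2024-53484 and CVE-2024-53617 hunks. Both references here are researcher-hosted write-ups, so the record gives no indication of a fixed version.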
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53484",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53484",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ever-co/ever-traduora/issues/431,",
+ "refsource": "MISC",
+ "name": "https://github.com/ever-co/ever-traduora/issues/431,"
+ },
+ {
+ "url": "https://github.com/ever-co/ever-traduora/pull/432,",
+ "refsource": "MISC",
+ "name": "https://github.com/ever-co/ever-traduora/pull/432,"
+ },
+ {
+ "url": "https://youtu.be/8JL89syikLE",
+ "refsource": "MISC",
+ "name": "https://youtu.be/8JL89syikLE"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/yamerooo123/CVE/blob/main/CVE-2024-53484/Description.md",
+ "url": "https://github.com/yamerooo123/CVE/blob/main/CVE-2024-53484/Description.md"
 }
 ]
 }
diff --git a/2024/53xxx/CVE-2024-53617.json b/2024/53xxx/CVE-2024-53617.json
index cf7dc4aed2a..4fc1e68703e 100644
--- a/2024/53xxx/CVE-2024-53617.json
+++ b/2024/53xxx/CVE-2024-53617.json
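Review bot: The first two `reference_data` entries in the CVE-2024-53484 record have a comma inside the quoted string, `"url": "https://github.com/ever-co/ever-traduora/issues/431,"` and the matching `.../pull/432,`, so the recorded links do not address the upstream issue and the fix pull request. This looks like a comma-separated list pasted into the submission form without trimming. Both `url` and `name` should drop the trailing comma, e.g. `"url": "https://github.com/ever-co/ever-traduora/issues/431"` and `"url": "https://github.com/ever-co/ever-traduora/pull/432"`. These are the only two references that point to the upstream project, so defenders following the record to find the fix are the ones affected. The version bound stated in the description ("0.20.0 and below") is also not carried into `version_data`.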
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53617",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53617",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LibrePhotos/librephotos/pull/1476",
+ "refsource": "MISC",
+ "name": "https://github.com/LibrePhotos/librephotos/pull/1476"
+ },
+ {
+ "url": "https://github.com/LibrePhotos/librephotos/commit/32237ddc0b6293a69b983a07b5ad462fcdd6c929",
+ "refsource": "MISC",
+ "name": "https://github.com/LibrePhotos/librephotos/commit/32237ddc0b6293a69b983a07b5ad462fcdd6c929"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ii5mai1/CVE-2024-53617",
+ "url": "https://github.com/ii5mai1/CVE-2024-53617"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5890.json b/2024/5xxx/CVE-2024-5890.json
index c240d6c7e89..0e5b3de0c00 100644
--- a/2024/5xxx/CVE-2024-5890.json
+++ b/2024/5xxx/CVE-2024-5890.json
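Review bot: The CVE-2024-53617 description bounds the fix only as "before commit 32237", a five-character abbreviation that a reader has to resolve through the commit URL in `reference_data`, and no release version is given anywhere in the record. Writing the full hash from that reference into the text, `before commit 32237ddc0b6293a69b983a07b5ad462fcdd6c929`, would let operators check a deployed checkout directly; if a tagged release contains the fix, naming it would help more. The description also labels the issue Cross Site Scripting while attributing the account takeover to an IDOR in file upload. With `problemtype` left as `n/a`, neither weakness is recorded in a structured field.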
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5890",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@servicenow.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website.\n\nServiceNow released updates\u00a0to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ServiceNow",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Now Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "Utah Patch 8 Hot Fix 1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1710511",
+ "refsource": "MISC",
+ "name": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1710511"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Alexandre Rodrigo Da Silva"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
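Review bot: The single `version_data` entry in the CVE-2024-5890 record gives the affected range as `"version_affected": "<"` from `"version_name": "0"` up to the free-text label `"version_value": "Utah Patch 8 Hot Fix 1"`, which generic version comparators cannot order. As written it also does not say whether other Now Platform release families are affected or fixed, so an operator on a different family has to rely on the linked KB article. One `version_data` entry per fixed release family, if the vendor has that information, would make the range usable for automated matching. Two smaller consistency points: `credits` uses `"lang": "en"` where the rest of the record uses `"eng"`, and the description carries a `\u00a0` non-breaking space after "updates", which can break plain-text matching on the string.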